You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Search queries for all Generic-specific package types
Search by file path:
generic_filepath:path/to/file.txt
Search by directory:
generic_directory:path/to
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Generic,
Go,
Helm,
Hex,
HuggingFace,
LuaRocks,
Maven,
MCP,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
VSX,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
Debian
Helm
NuGet
RedHat
eventstore
(Kurrent)
/
kurrent-latest
kurrentdb-operator-catalog
1.6.0
One-liner (summary)
Description
| Status | Completed |
|---|---|
| Checksum (MD5) | a1fdbad5251956296508f1da1e93a55e |
| Checksum (SHA-1) | b0db7e51b198046913a68238fd00cfe6be9356de |
| Checksum (SHA-256) | 2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df |
| Checksum (SHA-512) | ab15fbc6725a1900e94ceae35b6c98b0a6ffd6451a44d95985bd74611265401b4c… |
| GPG Signature | |
| GPG Fingerprint | 02a89004460aa252035d6b7d094442d90ad50bcd |
| Storage Region | Dublin, Ireland |
| Type | Binary (contains binaries and binary artifacts) |
| Uploaded At | 1 week, 5 days ago |
| Uploaded By |
|
| Slug Id | kurrentdb-operator-catalog-89b1 |
| Unique Id | 8Yy5AOmILwnt |
| Version (Raw) | 1.6.0 |
| Version (Parsed) |
|
| Orig Version (Raw) | 2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df |
| Orig Version (Parsed) |
|
| docker-specific metadata | |
| Image Digest | sha256:2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df |
| Config Digest | sha256:31d5e9dd502688e828101ee12006b6fb9664248ad947023e1ff54e595b5e8012 |
| V1 OCI Index Digest | sha256:5fed86d64ba02ac5dd55dbfab466a730a9741cbea06500eabd3959bc38a8c4eb |
| V1 Distribution (Signed) Digest | sha256:f7a4c684f753d3ed690c4f1c89a57ec63f1589eff2291ed682fa666c9db4cef3 |
| V1 OCI Digest | sha256:27ced6e24494341ec1d85b9a83d033418e993d5332f8892de87ff7946759cd71 |
| V2 Distribution List Digest | sha256:d21a7f7a255bb2a007faa158558885672abe9e8dd7c6830b334f7ea7d29f2d2e |
| V1 Distribution Digest | sha256:b61afc79c4edf73ee937cce42730b32f9131b86b440f55cec8a3cbbe8f256067 |
| V2 Distribution Digest | sha256:2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df |
| extended metadata | |
| Manifest Type | V2 Distribution |
| Architecture | amd64 |
| Config | |
| Created | 2026-06-05 17:50:59 UTC |
| Os | linux |
This package was uploaded with the following V2 Distribution manifest:
{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","size":5105,"digest":"sha256:72fca568f3e69950b7bee67d1223664650de1c631be1f04431e8837e4766de6e"},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":89197,"digest":"sha256:c65b8028e68eafa41e54c0e87d1fd216fff09a99abe112ab3eb64c561de1bbf0"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":12963,"digest":"sha256:7750c1a1cd8e356f717610d15552bd8a4af1801b72b5855c9e8494cc07636e77"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":303058,"digest":"sha256:b7478fa057ac0dd1ec9334a9774a20c82d72ccbca4f9be16ec6f7b0727cbf413"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":271166,"digest":"sha256:69b1945d59851d4f7fe090a347f3dc0f70b193ee1ac3b817df22dd46f39f42f0"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":32972,"digest":"sha256:87f7855f95203a0c96dc5ab2833c849c6b50bea79b98901e898c9917a95ec839"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":75,"digest":"sha256:02c91f6b395a6b06d17b8985a2db90aef7b09feedff77eff1f7c269161263a9b"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":197,"digest":"sha256:ffdf8cfdbafeabe2762d2dde33e36f1b87dfa967ae34811ff5342ebe8233eb4b"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":132,"digest":"sha256:818beb2a6ac52d3cfb90a96d84cff5123ade753aac5adc2dd8f43347f6fa74eb"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":168,"digest":"sha256:a0ce62815afcb344f5e245b1fe8026bef515df1fa3446ecc272057ba74be8bed"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":91,"digest":"sha256:83717d7c33ed99f82afbd90b8a13fe29f05c433b7c55c2d7e1f2c2df18dfd5d5"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":361,"digest":"sha256:88d89c9f554ae39742eb60ef19cc0198899514f6c95ebf216d7fc3249973e680"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":318,"digest":"sha256:7f53453a06ce9b3dccd47b64b7573be15e40c8f1307713500732d75e2f52a3dc"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":138229,"digest":"sha256:6c8de33401027c96222ef77668d83e0862b9aad713897474710b9382e598fe5e"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":783824,"digest":"sha256:18ec62a1bfb28f0ccc69d4e721a9c267f1a1a12b5e0bb92db1d6962f0b40634e"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":5315555,"digest":"sha256:6cb2bfb248af8577cd39570d8c6e849aa5b078dd5ea5751200840aa40d4fb757"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":165,"digest":"sha256:f1afcca96299b8a9206c9c5a6f091f0ac3d1edebe1bf2a0ddca6f4883baa2116"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":23990827,"digest":"sha256:15b5db902a9b8349ca21b6f91f95fef476feb324fa612de4fb35230a7ee85df6"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":166927,"digest":"sha256:f6511808353909980bfc3d5a51f3681fb768c983b64bd2626e81fabfe33373ed"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":92962,"digest":"sha256:57f65bbc685f20d14824a6cb34c767ba0bbdd47e4753e44b03d8cf853223a47b"}]}Last scanned
1 week, 5 days ago
Scan result
Vulnerable
Vulnerability count
13
Max. severity
High| Target: | usr/bin/opm | |
| HIGH |
CVE-2026-44973: Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on go-billy for some level of isolation may inadvertently expose access to unintended filesystem locations. This vulnerability is fixed in 5.9.0.Package Name: github.com/go-git/go-billy/v5 Installed Version: v5.7.0 Fixed Version: 5.9.0 References: github.com github.com github.com github.com |
|
| HIGH |
CVE-2026-45022: go-git is an extensible git implementation library written in pure Go. ...go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally, go-git’s commit signing and verification logic operates over commit data reconstructed from go-git’s parsed representation rather than the original raw object bytes. As a result, go-git may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository. This can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed. This vulnerability is fixed in 5.19.0 and 6.0.0-alpha.3.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.19.0 References: github.com github.com |
|
| HIGH |
CVE-2026-42504: Decoding a maliciously-crafted MIME header containing many invalid enc ...Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.Package Name: stdlib Installed Version: v1.26.3 Fixed Version: 1.25.11, 1.26.4 References: go.dev go.dev groups.google.com nvd.nist.gov pkg.go.dev |
|
| MEDIUM |
CVE-2026-44740: Billy is an interface filesystem abstraction for Go. Prior to versions ...Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.Package Name: github.com/go-git/go-billy/v5 Installed Version: v5.7.0 Fixed Version: 5.9.0 References: github.com github.com github.com github.com |
|
| MEDIUM |
CVE-2026-25934: go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index filesgo-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.16.5 References: access.redhat.com github.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2026-34165: github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx filego-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.17.1 References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-41506: golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirectsgo-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.18.0 References: access.redhat.com github.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-45571: go-git is an extensible git implementation library written in pure Go. ...go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.19.1 References: github.com github.com |
|
| MEDIUM |
GHSA-w5pp-99ch-qj29: go-git: Malformed Git object data may cause panics or resource exhaustion### Impact Several denial-of-service issues were identified in `go-git` when parsing maliciously crafted Git repository data. An attacker may craft a malicious `.pack`, `.idx` or loose objects that causes an application using an affected version of `go-git` to panic or consume excessive resources. This can lead to denial of service in applications that use `go-git` to clone, fetch, open, or otherwise process untrusted repositories or Git object data. Exploitation requires the ability to alter read-only files such as `.pack` or `.idx` from the local repository's `.git/objects/pack/` directory. Alternatively, the user would need to be interacting with a malicious remote server, which is not recommended and exposes users to a broader class of security risks beyond this issue. ### Patches Users should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-git` version. ### Credits go-git thanks @kodareef5, @AyushParkara and @N0zoM1z0 for reporting this in four separate reports. 🙇Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.19.1 References: github.com github.com |
|
| MEDIUM |
CVE-2026-27145: *x509.Certificate).VerifyHostname previously called matchHostnames in ...(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.Package Name: stdlib Installed Version: v1.26.3 Fixed Version: 1.25.11, 1.26.4 References: go.dev go.dev groups.google.com nvd.nist.gov pkg.go.dev |
|
| MEDIUM |
CVE-2026-42507: When returning errors, functions in the net/textproto package would in ...When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.Package Name: stdlib Installed Version: v1.26.3 Fixed Version: 1.25.11, 1.26.4 References: go.dev go.dev groups.google.com nvd.nist.gov pkg.go.dev |
|
| LOW |
CVE-2026-33762: github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index filego-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue. This issue has been patched in version 5.17.1.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.17.1 References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2026-45570: go-git is an extensible git implementation library written in pure Go. ...go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containing a single quote can therefore break out of the quoted region in the exec command and be appended as additional shell tokens. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.Package Name: github.com/go-git/go-git/v5 Installed Version: v5.16.4 Fixed Version: 5.19.1 References: github.com github.com |
|
Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.
You can embed a badge in another website that shows this or the latest version of this package.
To embed the badge for this specific package version, use the following:
[](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df/a=amd64;xpo=linux/)|This version of 'kurrentdb-operator-catalog' @ Cloudsmith|
.. |This version of 'kurrentdb-operator-catalog' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/1.6.0/a=amd64;xpo=linux/?render=true
:target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df/a=amd64;xpo=linux/image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/1.6.0/a=amd64;xpo=linux/?render=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df/a=amd64;xpo=linux/",title="This version of 'kurrentdb-operator-catalog' @ Cloudsmith"]<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/2e319024ff1704e14599db3c0b312b303373a0ccea86ad68b4824658489b05df/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/1.6.0/a=amd64;xpo=linux/?render=true" alt="This version of 'kurrentdb-operator-catalog' @ Cloudsmith" /></a>rendered as:
To embed the badge for the latest package version, use the following:
[](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/)|Latest version of 'kurrentdb-operator-catalog' @ Cloudsmith|
.. |Latest version of 'kurrentdb-operator-catalog' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/?render=true&show_latest=true
:target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/?render=true&show_latest=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/",title="Latest version of 'kurrentdb-operator-catalog' @ Cloudsmith"]<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-operator-catalog/latest/a=amd64;xpo=linux/?render=true&show_latest=true" alt="Latest version of 'kurrentdb-operator-catalog' @ Cloudsmith" /></a>rendered as:
These instructions assume you have setup the repository first (or read it).
To pull kurrentdb-operator-catalog @ reference/tag 1.6.0:
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-operator-catalog:1.6.0You can also pull the latest version of this image (if it exists):
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-operator-catalog:latestTo refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.eventstore.com/kurrent-latest/kurrentdb-operator-catalog:1.6.0