KEDA - 1 CVEs (Page 1/1)

About “KEDA”

A curated feed of “KEDA”-related CVEs appears below. We currently track 1 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 8.2 (all time; 8.2 over 365d), and 100% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a MODERATE impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: keda

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
2.19	2026-02-02	2.19.0	-
2.18	2025-10-08	2.18.3	-
2.17	2025-04-07	2.17.3	2026-02-02 Expired
2.16	2024-11-07	2.16.1	2025-10-08 Expired
2.15	2024-08-01	2.15.1	2025-04-07 Expired
2.14	2024-04-25	2.14.1	2024-11-07 Expired
2.13	2024-01-18	2.13.1	2024-08-01 Expired
2.12	2023-09-28	2.12.1	2024-04-25 Expired
2.11	2023-06-22	2.11.2	2024-01-18 Expired
2.10	2023-03-09	2.10.1	2023-09-28 Expired
2.9	2022-12-09	2.9.3	2023-06-22 Expired
2.8	2022-08-10	2.8.2	2023-03-09 Expired
2.7	2022-05-05	2.7.1	2022-12-09 Expired
2.6	2022-01-31	2.6.1	2022-08-10 Expired
2.5	2021-11-25	2.5.0	2022-05-05 Expired
2.4	2021-08-06	2.4.0	2022-01-31 Expired
2.3	2021-05-27	2.3.0	2021-11-25 Expired
2.2	2021-03-18	2.2.0	2021-08-06 Expired
2.1	2021-01-27	2.1.0	2021-05-27 Expired
2.0	2020-11-04	2.0.0	2021-03-18 Expired
1.5	2020-07-07	1.5.0	- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “KEDA” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-12-22

High

CVE-2025-68476

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA re…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD