Only the latest patch version of each supported release line and the
respective next release candidate (RC) versions are scanned. Older patch
versions and no longer supported (EOL) versions are not scanned.
The CVE scans are executed daily with internal automation developed by the
K3s team. The CVE scanner used is Trivy with the latest version available.
These pages are updated and regenerated daily.
Our scans use SUSE Rancher's
VEX Hub reports to remove known false-positives. Please consult the README for more information on how to use the
reports.
Only critical and high severity CVEs are displayed (internally we track all
severities).
If you want to report an issue with these pages, please open an issue.