npm

renovate

9 known vulnerabilities · 0 critical · 0 high

GHSA-5vjq-5jmg-39xq

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

Published Apr 16, 2026

GHSA-xjr7-3c3g-m763

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Published Jan 13, 2026

GHSA-xv56-3wq5-9997

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Published Jan 13, 2026

GHSA-8wc6-vgrq-x6cf

Child processes spawned by Renovate incorrectly have full access to environment variables

Published Feb 13, 2026

GHSA-36j9-mx87-2cff

Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies

Published Jan 13, 2026

GHSA-3f44-xw83-3pmg

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file

Published Jan 13, 2026

GHSA-fr4j-65pv-gjjj

Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration

Published Jan 13, 2026

GHSA-pfq2-hh62-7m96

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Published Jan 13, 2026

MAL-2026-2830

Malicious code in renovate-config-doctolib (npm)

Published Apr 17, 2026