nova

PyPI53 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting novapage 2 of 2

CVE-2024-32498MEDIUMCVSS 6.5EG 6.5
2024-07-05
vulnerable: 15.1.5 ... 29.0.2 (115 versions)
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data fi…
CVE-2024-40767MEDIUMCVSS 6.5EG 6.5
2024-07-24
vulnerable: 29.0.0, 29.0.1, 29.0.2, 29.1.0
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user …
CVE-2026-24708HIGHCVSS 8.2EG 8.2
2026-02-18
vulnerable: 15.1.5 ... 30.2.1 (126 versions)
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to …

Check whether nova is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nova CVEs against the assets you own.

Start Free Scan →