--- title: Official CVE Feed linkTitle: CVE feed weight: 25 outputs: - json - html - rss layout: cve-feed --- {{< feature-state for_k8s_version="v1.27" state="beta" >}} This is a community maintained list of official CVEs announced by the Kubernetes Security Response Committee. See [Kubernetes Security and Disclosure Information](/docs/reference/issues-security/security/) for more details. The Kubernetes project publishes a programmatically accessible feed of published security issues in [JSON feed](/docs/reference/issues-security/official-cve-feed/index.json) and [RSS feed](/docs/reference/issues-security/official-cve-feed/feed.xml) formats. You can access it by executing the following commands: {{< tabs name="CVE feeds" >}} {{% tab name="JSON feed" %}} [Link to JSON format](/docs/reference/issues-security/official-cve-feed/index.json) ```shell curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json ``` {{% /tab %}} {{% tab name="RSS feed" %}} [Link to RSS format](/docs/reference/issues-security/official-cve-feed/feed.xml) ```shell curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/feed.xml ``` {{% /tab %}} {{< /tabs >}} {{< cve-feed >}} This feed is auto-refreshing with a noticeable but small lag (minutes to hours) from the time a CVE is announced to the time it is accessible in this feed. The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and restricted label `official-cve-feed`. The raw data is stored in a Google Cloud Bucket which is writable only by a small number of trusted members of the Community.