kubernetes · rexagod · Aug 28, 2025 · rexagod · Aug 28, 2025 · mrueg
diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md
@@ -0,0 +1,32 @@
+---
+name: CVE report
+about: Report a CVE detected in kube-state-metrics main branch
+title: ''
+labels: kind/cve
+assignees: ''
+
+---
+
+<!-- Please use this template while reporting a CVE and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks!
+
+If the matter is proven to be security related, please disclose it privately see https://github.com/kubernetes/kube-state-metrics/blob/main/SECURITY.md
+
+NOTE: Only the CVEs that are in the Golang vulnerability database and actively affect code paths in KSM will be considered.
+-->
+
+<!-- `govulncheck` data should include the command ran and should clearly mention the CVE in question in the logs -->
+
-
+[ ] I am aware that output from other scanners is high likely a false positive and the issue will be marked as spam. 
+[ ] I have verified that govulncheck reports the vulnerability in the latest main
-
+[ ] I am aware that output from other scanners is high likely a false positive and the issue will be marked as spam. 
+[ ] I have verified that govulncheck reports the vulnerability in the latest main
+### `govulncheck` output
+
+```console
+
+```
+
+### Anything else we need to know?
+
+### Environment
+
+* kube-state-metrics version:
+* Kubernetes version (use `kubectl version`):
+* Cloud provider or hardware configuration:
+* Other info: