Docker

This hub aggregates every CVE we track for Docker, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Docker.

• CVE-2024-41110Moby authz zero length regression9.9Jul 24, 2024
• CVE-2023-0629Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers7.1Mar 13, 2023
• CVE-2023-0628Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL6.1Mar 13, 2023
• CVE-2022-25365Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.7.8Feb 19, 2022
• CVE-2021-41089`docker cp` allows unexpected chmod of host files2.8Oct 4, 2021
• CVE-2021-41091Insufficiently restricted permissions on data directory in Docker Engine6.3Oct 4, 2021
• CVE-2021-41092Docker CLI leaks private registry credentials to registry-1.docker.io5.4Oct 4, 2021
• CVE-2021-33183Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read ...7.9Jun 1, 2021
• CVE-2021-21284privilege escalation in Moby6.8Feb 2, 2021
• CVE-2021-21285Docker daemon crash during image pull of malicious image6.5Feb 2, 2021
• CVE-2021-3162Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.7.8Jan 15, 2021
• CVE-2020-27534util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil...5.3Dec 30, 2020
• CVE-2020-14300The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incor...8.8Jul 13, 2020
• CVE-2020-14298The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fix...8.8Jul 13, 2020
• CVE-2020-13401An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hos...6.0Jun 2, 2020