Github.com/containers/buildah

This hub aggregates every CVE we track for Github.com/containers/buildah, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting Github.com/containers/buildah.

• CVE-2024-11218Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile8.6Jan 22, 2025
• CVE-2024-9675Buildah: buildah allows arbitrary directory mount7.8Oct 9, 2024
• CVE-2024-9407Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction4.7Oct 1, 2024
• CVE-2022-2990An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access t...7.1Sep 13, 2022
• CVE-2022-27651A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-...6.8Apr 4, 2022
• CVE-2021-3602An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment var...5.5Mar 3, 2022
• CVE-2020-10696A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then wri...8.8Mar 31, 2020