Github.com/moby/moby

This hub aggregates every CVE we track for Github.com/moby/moby, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Github.com/moby/moby.

• CVE-2024-36623moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application ...8.1Nov 29, 2024
• CVE-2024-36621moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resu...6.5Nov 29, 2024
• CVE-2024-36620moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.6.5Nov 29, 2024
• CVE-2024-24557Moby classic builder cache poisoning6.9Feb 1, 2024
• CVE-2022-24769Default inheritable capabilities for linux container should be empty5.9Mar 24, 2022
• CVE-2021-41091Insufficiently restricted permissions on data directory in Docker Engine6.3Oct 4, 2021
• CVE-2021-21284privilege escalation in Moby6.8Feb 2, 2021
• CVE-2021-21285Docker daemon crash during image pull of malicious image6.5Feb 2, 2021
• CVE-2020-27534util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil...5.3Dec 30, 2020
• CVE-2017-16539The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels...5.9Nov 4, 2017