Podman

This hub aggregates every CVE we track for Podman, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Podman.

• CVE-2026-33414PowerShell Command Injection in Podman HyperV Machine7.8Apr 14, 2026
• CVE-2025-9566Podman: podman kube play command may overwrite host files8.1Sep 5, 2025
• CVE-2025-6032Podman: podman missing tls verification8.3Jun 24, 2025
• CVE-2024-11218Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile8.6Jan 22, 2025
• CVE-2024-9676Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)6.5Oct 15, 2024
• CVE-2024-9407Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction4.7Oct 1, 2024
• CVE-2024-3056Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack7.7Aug 2, 2024
• CVE-2024-1753Buildah: full container escape at build time8.6Mar 18, 2024
• CVE-2023-0778A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for acc...6.8Mar 27, 2023
• CVE-2022-4123A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.3.3Dec 8, 2022
• CVE-2022-4122A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.5.3Dec 8, 2022
• CVE-2022-2989An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to...7.1Sep 13, 2022
• CVE-2022-2739The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously ...5.3Sep 1, 2022
• CVE-2022-2738The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously f...7.5Sep 1, 2022
• CVE-2019-25067Podman/Varlink API Privilege Escalation6.3Jun 9, 2022