Red hat quay

This hub aggregates every CVE we track for Red hat quay, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat quay.

• CVE-2026-40192Pillow is vulnerable to a FITS GZIP decompression bomb7.5Apr 15, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template6.1Apr 8, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root8.4Mar 27, 2026
• CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4Mar 25, 2026
• CVE-2026-33056tar-rs: unpack_in can chmod arbitrary directories by following symlinks6.5Mar 20, 2026
• CVE-2026-28490Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle6.5Mar 16, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2026-27628pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams7.5Feb 25, 2026
• CVE-2026-25727time affected by a stack exhaustion denial of service attack6.5Feb 6, 2026