Red hat quay 3

This hub aggregates every CVE we track for Red hat quay 3, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat quay 3.

• CVE-2026-11569Quay: quay: stored xss via filedrop svg upload5.4Jun 8, 2026
• CVE-2026-10517Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance5.8Jun 1, 2026
• CVE-2026-10078Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring2.7May 29, 2026
• CVE-2026-10052Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints4.1May 29, 2026
• CVE-2026-6848Quay: red hat quay: authentication bypass allows privileged actions without valid credentials5.4Apr 22, 2026
• CVE-2026-32591Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration5.2Apr 8, 2026
• CVE-2026-2376Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface4.9Mar 12, 2026
• CVE-2025-4374Quay: incorrect privilege assignment6.5May 6, 2025
• CVE-2024-11831Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript5.4Feb 10, 2025
• CVE-2024-9683Quay: quay allows successful authentication with trucated version of the password4.8Oct 17, 2024
• CVE-2024-9676Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)6.5Oct 15, 2024
• CVE-2024-9675Buildah: buildah allows arbitrary directory mount7.8Oct 9, 2024
• CVE-2024-5891Quay: unauthorized user may authenticate via oauth application token4.2Jun 12, 2024
• CVE-2024-3727Containers/image: digest type does not guarantee valid type8.3May 9, 2024
• CVE-2023-4956Quay: clickjacking on config-editor page severity6.5Nov 7, 2023