podman project

Top products

The 15 most recently published vulnerabilities affecting podman project.

• CVE-2026-33414PowerShell Command Injection in Podman HyperV Machine7.8Apr 14, 2026
• CVE-2024-3056Podman: kernel: containers in shared ipc namespace are vulnerable to denial of service attack7.7Aug 2, 2024
• CVE-2023-0778A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for acc...6.8Mar 27, 2023
• CVE-2022-4123A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.3.3Dec 8, 2022
• CVE-2022-4122A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.5.3Dec 8, 2022
• CVE-2022-2989An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to...7.1Sep 13, 2022
• CVE-2022-2739The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously ...5.3Sep 1, 2022
• CVE-2022-2738The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously f...7.5Sep 1, 2022
• CVE-2019-25067Podman/Varlink API Privilege Escalation6.3Jun 9, 2022
• CVE-2022-1227A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerabili...8.8Apr 29, 2022
• CVE-2022-27649A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectl...7.5Apr 4, 2022
• CVE-2021-4024A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy`...6.5Dec 23, 2021
• CVE-2021-20188A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the...7.0Feb 11, 2021
• CVE-2021-20199Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01)...5.9Feb 2, 2021
• CVE-2020-14370An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are ...5.3Sep 23, 2020