Browse all 9 CVE security advisories affecting Anchore. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Anchore provides container image security analysis to detect vulnerabilities and compliance issues in container registries. The platform has historically been affected by remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and insecure default configurations. While no major public security incidents have been widely reported, the 9 CVEs on record highlight potential attack surfaces in its scanning engines and policy engines. Anchore's security model emphasizes integration with CI/CD pipelines to catch vulnerabilities early, though its own components require regular patching to maintain security posture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-24579 | Tar path traversal in stereoscope when processing OCI tar archives — stereoscopeCWE-22 | 5.3 | Medium | 2024-01-31 |
This page lists every published CVE security advisory associated with Anchore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.