
Docker — Vulnerabilities & Security Advisories (24)

Browse all 24 CVE security advisories affecting Docker. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Docker provides containerization software that enables developers to package applications and their dependencies into standardized units for consistent deployment across computing environments. Historically, vulnerabilities within the Docker ecosystem have frequently involved privilege escalation, allowing attackers to escape container isolation and gain root access on the host system. Other common flaw classes include remote code execution (RCE) and improper access controls within the daemon interface. With twenty-four CVEs currently on record, the platform has faced scrutiny regarding its default security configurations and the potential for lateral movement if a container is compromised. Notable incidents often stem from misconfigurations rather than inherent architectural failures, emphasizing the critical need for strict least-privilege principles and regular patching of the underlying engine to mitigate risks associated with shared kernel resources and exposed API endpoints.

Found 14 results / 24

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2664 | Out of bounds read vulnerability in grpcfuse kernel module — Docker Desktop | CWE-125 | 7.1 (AI) | High (AI) | 2026-02-24 |
| CVE-2025-13743 | Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs — Docker Desktop | CWE-532 | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-9164 | Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows — Docker Desktop | CWE-427 | 7.8 (AI) | High (AI) | 2025-10-27 |
| CVE-2025-10657 | Docker Desktop with ECI Fails to Enforce Socket Command Restrictions — Docker Desktop | CWE-269 | 7.2 | - | 2025-09-26 |
| CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers — Docker Desktop | CWE-668 | 8.1 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-6587 | Exposure of system environment variables in Docker Desktop diagnostic logs — Docker Desktop | CWE-532 | 6.5 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-3911 | Exposure in Docker Desktop logs of environment variables configured for running containers — Docker Desktop | CWE-532 | 5.5 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-4095 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile — Docker Desktop | CWE-862 | 6.1 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-3224 | Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion — Docker Desktop | CWE-269 | 7.8 (AI) | High (AI) | 2025-04-28 |
| CVE-2025-1696 | Exposure of Proxy Credentials in Docker Desktop Logs — Docker Desktop | CWE-532 | 4.3 | - | 2025-03-06 |
| CVE-2024-9348 | Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view — Docker Desktop | CWE-20 | 9.8 (AI) | Critical (AI) | 2024-10-16 |
| CVE-2024-8696 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. — Docker Desktop | CWE-79 | 8.8 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-8695 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. — Docker Desktop | CWE-79 | 9.8 (AI) | Critical (AI) | 2024-09-12 |
| CVE-2023-1802 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed — Docker Desktop | CWE-319 | 5.9 | Medium | 2023-04-06 |

This page lists every published CVE security advisory associated with Docker. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.