
chainguard-dev — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting chainguard-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Chainguard-dev focuses on container security and software supply chain integrity, providing tools to detect and mitigate vulnerabilities in container images and dependencies. Historically, it has addressed common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and insecure deserialization. The platform emphasizes automated vulnerability scanning, SBOM generation, and policy enforcement to reduce exposure. While no major public security incidents have been reported, the 16 CVEs on record highlight ongoing challenges in maintaining secure container environments, particularly in dependency management and image hardening. Its approach prioritizes proactive security measures to address vulnerabilities before deployment.

Top products by chainguard-dev: apko, melange, malcontent
| CVE ID | Product | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42576 | apko | apko `DiscoverKeys` has a panic on non-RSA JWKS key that causes crash during key discovery | CWE-704 | 6.5 | Medium | 2026-05-09 |
| CVE-2026-42575 | apko | apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) | CWE-345 | 7.5 | High | 2026-05-09 |
| CVE-2026-42574 | apko | apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root | CWE-22 | 7.5 | High | 2026-05-09 |
| CVE-2026-29051 | melange | melange has Path Traversal via .PKGINFO in --persist-lint-results | CWE-22 | 4.4 | Medium | 2026-04-24 |
| CVE-2026-29050 | melange | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | CWE-22 | 6.1 | Medium | 2026-04-23 |
| CVE-2026-29049 | melange | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI | CWE-400 | 4.3 | Medium | 2026-03-06 |
| CVE-2026-28407 | malcontent | malcontent's nested archive extraction failure can drop content from scan inputs | CWE-703 | 8.2 | - | 2026-02-27 |
| CVE-2026-25145 | melange | melange has a path traversal in license-path which allows reading files outside workspace | CWE-22 | 5.5 | Medium | 2026-02-04 |
| CVE-2026-25143 | melange | melange affected by potential host command execution via license-check YAML mode patch pipeline | CWE-78 | 7.8 | High | 2026-02-04 |
| CVE-2026-24844 | melange | melange pipeline working-directory could allow command injection | CWE-78 | 7.8 | High | 2026-02-04 |
| CVE-2026-24843 | melange | melange QEMU runner could write files outside workspace directory | CWE-22 | 8.2 | High | 2026-02-04 |
| CVE-2026-25140 | apko | apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams | CWE-400 | 7.5 | High | 2026-02-04 |
| CVE-2026-25121 | apko | apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base | CWE-23 | 7.5 | High | 2026-02-04 |
| CVE-2026-25122 | apko | apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams | CWE-400 | 5.5 | Medium | 2026-02-04 |
| CVE-2026-24846 | malcontent | malcontent's archive extraction could write outside extraction directory | CWE-22 | 5.5 | Medium | 2026-01-29 |
| CVE-2026-24845 | malcontent | malcontent's OCI image scanning could expose registry credentials | CWE-522 | 6.5 | Medium | 2026-01-29 |
| CVE-2025-54059 | melange | melange creates SBOM files in APKs with world-writable permissions | CWE-276 | 4.4 | Medium | 2025-07-18 |
| CVE-2025-53945 | apko | apko has incorrect permission (0666) in /etc/ld.so.cache and other files | CWE-276 | 7.0 | High | 2025-07-18 |
| CVE-2024-36127 | apko | apko Exposure of HTTP basic auth credentials in log output | CWE-522 | 7.5 | High | 2024-06-03 |

This page lists every published CVE security advisory associated with chainguard-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.