Browse all 19 CVE security advisories affecting chainguard-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Chainguard-dev focuses on container security and software supply chain integrity, providing tools to detect and mitigate vulnerabilities in container images and dependencies. Historically, it has addressed common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and insecure deserialization. The platform emphasizes automated vulnerability scanning, SBOM generation, and policy enforcement to reduce exposure. While no major public security incidents have been reported, the 16 CVEs on record highlight ongoing challenges in maintaining secure container environments, particularly in dependency management and image hardening. Its approach prioritizes proactive security measures to address vulnerabilities before deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28407 | malcontent's nested archive extraction failure can drop content from scan inputs — malcontent (CWE-703) | 8.2 | - | 2026-02-27 |
| CVE-2026-24846 | malcontent's archive extraction could write outside extraction directory — malcontent (CWE-22) | 5.5 | Medium | 2026-01-29 |
| CVE-2026-24845 | malcontent's OCI image scanning could expose registry credentials — malcontent (CWE-522) | 6.5 | Medium | 2026-01-29 |
This page lists every published CVE security advisory associated with chainguard-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.