
containerd — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting containerd. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Containerd serves as an industry-standard container runtime for managing container lifecycle, widely adopted in Kubernetes environments. Historically, vulnerabilities have included remote code execution, privilege escalation, and denial-of-service flaws, often stemming from improper input validation or insecure default configurations. The project maintains a security-first approach with regular audits and a vulnerability disclosure program. While no major incidents have been widely reported, the 17 documented CVEs highlight potential risks in areas like image handling and runtime process isolation. Organizations should implement strict access controls and keep components updated to mitigate risks, as containerd's position in critical infrastructure makes it a potential target for attacks seeking to compromise containerized environments.

Top products by containerd: containerd, imgcrypt

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-64329 | containerd CRI server: Host memory exhaustion through Attach goroutine leak | containerd | CWE-401 | 7.7 | - | 2025-11-07 |
| CVE-2024-25621 | containerd affected by a local privilege escalation via wide permissions on CRI directory | containerd | CWE-279 | 7.3 | High | 2025-11-06 |
| CVE-2025-47291 | containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. | containerd | CWE-266 | 7.7 (AI) | High (AI) | 2025-05-21 |
| CVE-2025-47290 | Containerd vulnerable to host filesystem access during image unpack | containerd | CWE-367 | 6.3 (AI) | Medium (AI) | 2025-05-20 |
| CVE-2024-40635 | containerd has an integer overflow in User ID handling | containerd | CWE-190 | 4.6 | Medium | 2025-03-17 |
| CVE-2023-25173 | containerd supplementary groups are not set up properly | containerd | CWE-863 | 5.3 | Medium | 2023-02-16 |
| CVE-2023-25153 | containerd OCI image importer memory exhaustion | containerd | CWE-770 | 6.2 | Medium | 2023-02-16 |
| CVE-2022-23471 | containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak | containerd | CWE-400 | 5.7 | Medium | 2022-12-07 |
| CVE-2022-31030 | containerd CRI plugin: Host memory exhaustion through ExecSync | containerd | CWE-400 | 5.5 | Medium | 2022-06-06 |
| CVE-2022-24778 | Incorrect Authorization in imgcrypt | imgcrypt | CWE-863 | 7.5 | High | 2022-03-25 |
| CVE-2022-23648 | Insecure handling of image volumes in containerd CRI plugin | containerd | CWE-200 | 7.5 | High | 2022-03-03 |
| CVE-2021-43816 | Improper Preservation of Permissions in containerd | containerd | CWE-281 | 8.0 | High | 2022-01-05 |
| CVE-2021-41103 | Insufficiently restricted permissions on plugin directories | containerd | CWE-22 | 7.8 | - | 2021-10-04 |
| CVE-2021-32760 | Archive package allows chmod of file outside of unpack target directory | containerd | CWE-668 | 5.0 | Medium | 2021-07-19 |
| CVE-2021-21334 | environment variable leak | containerd | CWE-668 | 6.3 | Medium | 2021-03-10 |
| CVE-2020-15257 | containerd-shim API Exposed to Host Network Containers | containerd | CWE-669 | 5.2 | Medium | 2020-12-01 |
| CVE-2020-15157 | containerd can be coerced into leaking credentials during image pull | containerd | CWE-522 | 6.1 | Medium | 2020-10-16 |

This page lists every published CVE security advisory associated with containerd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.