Lucene search

7 matches found

Snyk
added 2026/05/04 9:27 p.m. | 5 views

Resources Downloaded over Insecure Protocol

Overview: Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the getPackageImpl process. An attacker can introduce unauthorized packages into built images by substituting download responses from a compromised mirror, HTTP repository, or poisoned CDN...

CVSS 8.7 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3
Snyk
added 2026/05/04 9:26 p.m. | 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack through the DirFS process. An attacker can gain unauthorized access to files outside the intended build root by crafting a malicious archive containing a symlink entry that points outside the build root, followed by...

CVSS 8.7 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 3
OSV
added 2026/02/05 3:20 a.m. | 2 views

GO-2026-4405 apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko

apko has a path traversal in apko dirFS which allows filesystem writes outside base in chainguard.dev/apko...

CVSS 7.5 | AI score 5.2 | EPSS 0.00369
Exploits: 0 | References: 3
Snyk
added 2026/02/04 12:7 a.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

CVSS 7.5 | AI score 5.6 | EPSS 0.00366
Exploits: 0 | References: 2
Snyk
added 2026/02/03 11:58 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

CVSS 7.1 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
Snyk
added 2025/07/18 4:42 p.m. | 1 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation Upgrad...

CVSS 7.1 | AI score 7.1 | EPSS 0.00113
Exploits: 0 | References: 2
Circl
added 2024/06/03 1:18 p.m. | 3 views

CVE-2024-36127

creationtimestamp | type | source
---|---|---
2024-06-03 13:18:53+00:00 | published-proof-of-concept | https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp...

CVSS 7.5 | AI score 7.1 | EPSS 0.00441
Exploits: 0 | References: 1