SUSE CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

RHCOS 4 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0689 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...

GHSA-5F53-522J-J454 Flowise Missing Authentication on NVIDIA NIM Endpoints

Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...

GO-2026-4392 malcontent OCI image pull credential exfiltration via malicious registry token realm in github.com/chainguard-dev/malcontent

malcontent OCI image pull credential exfiltration via malicious registry token realm in github.com/chainguard-dev/malcontent...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the OCI image pull process. An attacker can obtain sensitive authentication credentials by crafting a malicious registry that returns a WWW-Authenticate header redirecting token authentication to...

MiracleLinux 7 : buildah-1.11.6-8.el7 (AXSA:2020-4680:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4680:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly...

MiracleLinux 7 : skopeo-0.1.40-7.0.1.el7.AXS7 (AXSA:2020-072:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-072:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Tenable has extracted the preceding description block directly fr...

EUVD-2024-41257

Malicious code in bioql PyPI...

EUVD-2025-15953

Malicious code in bioql PyPI...

EUVD-2023-1010

Malicious code in bioql PyPI...

Containerd 2.1.x < 2.1.1 TOCTOU

The version of Containerd on the remote host is 2.1.x prior to 2.1.1. It is, therefore, affected by a vulnerability. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could...

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

containerd allows host filesystem access on pull

Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...

GHSA-CM76-QM8V-3J95 containerd allows host filesystem access on pull

Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

CVE-2025-47290 Containerd vulnerable to host filesystem access during image unpack

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

PT-2025-22285 · Unknown +1 · Kubernetes Containerd

Name of the Vulnerable Software and Affected Versions: containerd version 2.1.0 Description: A time-of-check to time-of-use TOCTOU vulnerability was found in containerd. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system...

PT-2025-19956 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay where an organization acting as a proxy cache grants "Admin" permissions on a newly created repository when a user or robot pulls an image that hasn't been mirrored ye...