Lucene search
+L

4 matches found

osv
osv
added 2026/06/25 4:26 p.m.4 views

CVE-2026-55092 Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7CVSS6.1AI score0.00292EPSS
Exploits0References3
osv
osv
added 2025/10/30 3:2 p.m.5 views

GO-2025-4077 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose...

8.9CVSS7AI score0.13848EPSS
Exploits0References3
nvd
nvd
added 2023/06/06 7:15 p.m.13 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.8CVSS8.5AI score0.00354EPSS
Exploits0References1
cvelist
cvelist
added 2023/06/06 6:15 p.m.42 views

CVE-2023-33959 Verification bypass can cause users into verifying the wrong artifact

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.3CVSS8.7AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder