Lucene search
4 matches found

NVD
added yesterday, 4 views

CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

CVSS: 7
Exploits: 0, References: 1

CVE
added yesterday, 8 views

CVE-2026-55092

Trivy before 0.71.1 vulnerable to path traversal when downloading OCI artifacts: the org.opencontainers.image.title annotation from the artifact manifest is used as the destination filename without validation, allowing writing layer content to arbitrary locations on the host filesystem. Impact is...

CVSS: 7, AI score: 6
Exploits: 0, References: 1

CNNVD
added 2026/03/10 12:0 a.m., 4 views

zot security vulnerability

Zot is an open-source OCI image registry developed by The Zot Project. Versions 1.3.0 to 2.1.14 of Zot contain security vulnerabilities. These vulnerabilities stem from the improper operation inference of the dist-spec authorization middleware when handling PUT /v2/name/manifests/reference...

CVSS: 7.7, AI score: 7.3, EPSS: 0.00212
Exploits: 1, References: 1

OSV
added 2023/02/16 3:15 p.m., 2 views

DEBIAN-CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00443
Exploits: 0, References: 1