| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35469 | SpdyStream: DOS on CRI | moby | spdystream | - | - | 2026-04-16 21:19:24 | Deep Dive |
| CVE-2026-33997 | Moby: Off-by-one error in plugin privilege validation | moby | moby | Medium | 6.8 | 2026-03-31 01:36:51 | Deep Dive |
| CVE-2026-34040 | Moby: AuthZ plugin bypass with oversized request body | moby | moby | High | 8.8 | 2026-03-31 01:36:48 | Deep Dive |
| CVE-2026-33748 | BuildKit Git URL subdir component can cause access to restricted files | moby | buildkit | 中危 | - | 2026-03-27 14:00:21 | Deep Dive |
| CVE-2026-33747 | BuildKit vulnerable to malicious frontend causing file escape outside of storage root | moby | buildkit | High | 8.4 | 2026-03-27 00:49:06 | Deep Dive |
| CVE-2025-54410 | Moby's Firewalld reload removes bridge network isolation | moby | moby | Low | 3.3 | 2025-07-30 13:24:51 | Deep Dive |
| CVE-2025-54388 | Moby's Firewalld reload makes published container ports accessible from remote hosts | moby | moby | 中危 | - | 2025-07-30 13:24:07 | Deep Dive |
| CVE-2024-41110 | Moby authz zero length regression | moby | moby | Critical | 9.9 | 2024-07-24 16:49:53 | Deep Dive |
| CVE-2024-32473 | Moby IPv6 enabled on IPv4-only network interfaces | moby | moby | Medium | 4.7 | 2024-04-18 21:55:50 | Deep Dive |
| CVE-2024-29018 | External DNS requests from 'internal' networks could lead to data exfiltration | moby | moby | Medium | 5.9 | 2024-03-20 20:27:00 | Deep Dive |
| CVE-2024-24557 | Moby classic builder cache poisoning | moby | moby | Medium | 6.9 | 2024-02-01 16:26:30 | Deep Dive |
| CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check | moby | buildkit | Critical | 9.8 | 2024-01-31 22:03:57 | Deep Dive |
| CVE-2024-23652 | BuildKit possible host system access from mount stub cleaner | moby | buildkit | Critical | 10.0 | 2024-01-31 21:57:43 | Deep Dive |
| CVE-2024-23651 | BuildKit possible race condition with accessing subpaths from cache mounts | moby | buildkit | High | 8.7 | 2024-01-31 21:49:18 | Deep Dive |
| CVE-2024-23650 | BuildKit possible panic when incorrect parameters sent from frontend | moby | buildkit | Medium | 5.3 | 2024-01-31 21:42:13 | Deep Dive |
| CVE-2023-28840 | moby/moby's dockerd daemon encrypted overlay network may be unauthenticated | moby | moby | High | 7.5 | 2023-04-04 21:13:03 | Deep Dive |
| CVE-2023-28841 | moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted | moby | moby | Medium | 6.8 | 2023-04-04 21:12:17 | Deep Dive |
| CVE-2023-28842 | moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated | moby | moby | Medium | 6.8 | 2023-04-04 21:07:28 | Deep Dive |
| CVE-2023-26054 | Credentials inlined to Git URLs could end up in provenance attestation in BuildKit | moby | buildkit | Medium | 6.5 | 2023-03-06 18:05:08 | Deep Dive |
| CVE-2021-32847 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx | moby | hyperkit | High | 7.1 | 2023-02-20 00:00:00 | Deep Dive |