chainguard-dev — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting chainguard-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by chainguard-dev: melange, apko, malcontent
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-29051 | melange has Path Traversal via .PKGINFO in --persist-lint-results | melange | CWE-22 | 4.4 | Medium | 2026-04-24 |
| CVE-2026-29050 | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | melange | CWE-22 | 6.1 | Medium | 2026-04-23 |
| CVE-2026-29049 | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI | melange | CWE-400 | 4.3 | Medium | 2026-03-06 |
| CVE-2026-28407 | malcontent's nested archive extraction failure can drop content from scan inputs | malcontent | CWE-703 | 8.2 | - | 2026-02-27 |
| CVE-2026-25145 | melange has a path traversal in license-path which allows reading files outside workspace | melange | CWE-22 | 5.5 | Medium | 2026-02-04 |
| CVE-2026-25143 | melange affected by potential host command execution via license-check YAML mode patch pipeline | melange | CWE-78 | 7.8 | High | 2026-02-04 |
| CVE-2026-24844 | melange pipeline working-directory could allow command injection | melange | CWE-78 | 7.8 | High | 2026-02-04 |
| CVE-2026-24843 | melange QEMU runner could write files outside workspace directory | melange | CWE-22 | 8.2 | High | 2026-02-04 |
| CVE-2026-25140 | apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams | apko | CWE-400 | 7.5 | High | 2026-02-04 |
| CVE-2026-25121 | apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base | apko | CWE-23 | 7.5 | High | 2026-02-04 |
| CVE-2026-25122 | apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams | apko | CWE-400 | 5.5 | Medium | 2026-02-04 |
| CVE-2026-24846 | malcontent's archive extraction could write outside extraction directory | malcontent | CWE-22 | 5.5 | Medium | 2026-01-29 |
| CVE-2026-24845 | malcontent's OCI image scanning could expose registry credentials | malcontent | CWE-522 | 6.5 | Medium | 2026-01-29 |
| CVE-2025-54059 | melange creates SBOM files in APKs with world-writable permissions | melange | CWE-276 | 4.4 | Medium | 2025-07-18 |
| CVE-2025-53945 | apko has incorrect permission (0666) in /etc/ld.so.cache and other files | apko | CWE-276 | 7.0 | High | 2025-07-18 |
| CVE-2024-36127 | apko Exposure of HTTP basic auth credentials in log output | apko | CWE-522 | 7.5 | High | 2024-06-03 |

This page lists every published CVE security advisory associated with chainguard-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.