Browse all 4 CVE security advisories affecting project-zot. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-31801 | zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) — zotCWE-863 | 7.7 | High | 2026-03-10 |
| CVE-2025-48374 | zot logs secrets — zotCWE-532 | 6.5AI | MediumAI | 2025-05-22 |
| CVE-2025-23208 | IdP group membership revocation ignored in zot — zotCWE-269 | 7.3 | High | 2025-01-17 |
| CVE-2024-39897 | Cache driver GetBlob() allows read access to any blob without access control check — zotCWE-639 | 4.3 | Medium | 2024-07-09 |
This page lists every published CVE security advisory associated with project-zot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.