Vulnerabilities in chainguard-dev
19 results

CVE-2024-36127 | HIGH | apko Exposure of HTTP basic auth credentials in log output | EPSS 0.4%
CVE-2026-25121 | HIGH | apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base | EPSS 0.4%
CVE-2026-25140 | HIGH | apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams | EPSS 0.4%
CVE-2026-42574 | HIGH | apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root | EPSS 0.4%
CVE-2026-24845 | MEDIUM | malcontent's OCI image scanning could expose registry credentials | EPSS 0.3%
CVE-2026-42576 | MEDIUM | apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery | EPSS 0.3%
CVE-2026-28407 | MEDIUM | malcontent's nested archive extraction failure can drop content from scan inputs | EPSS 0.2%
CVE-2026-29049 | MEDIUM | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI | EPSS 0.2%
CVE-2026-24844 | HIGH | melange pipeline working-directory could allow command injection | EPSS 0.2%
CVE-2026-25143 | HIGH | melange affected by potential host command execution via license-check YAML mode patch pipeline | EPSS 0.2%
CVE-2026-29051 | MEDIUM | melange has Path Traversal via .PKGINFO in --persist-lint-results | EPSS 0.2%
CVE-2026-25145 | MEDIUM | melange has a path traversal in license-path which allows reading files outside workspace | EPSS 0.2%
CVE-2026-24843 | HIGH | melange QEMU runner could write files outside workspace directory | EPSS 0.2%
CVE-2026-24846 | MEDIUM | malcontent's archive extraction could write outside extraction directory | EPSS 0.2%
CVE-2026-42575 | HIGH | apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) | EPSS 0.2%
CVE-2026-29050 | MEDIUM | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | EPSS 0.1%
CVE-2025-54059 | MEDIUM | melange creates SBOM files in APKs with world-writable permissions | EPSS 0.1%
CVE-2025-53945 | HIGH | apko has incorrect permission (0666) in /etc/ld.so.cache and other files | EPSS 0.1%
CVE-2026-25122 | MEDIUM | apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams | EPSS 0.1%