github.com/containers/podman
Go12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/containers/podmanpage 1 of 1
- CVE-2018-10856MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.6.12018-07-03
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
- CVE-2019-10152HIGHCVSS 7.2EG 7.2✓ Fixed in 1.4.02019-07-30
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to b…
- CVE-2019-18466MEDIUMCVSS 5.5EG 5.52019-10-28
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container im…
- CVE-2020-1726MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.0.62020-02-11
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious i…
- CVE-2021-4024MEDIUMCVSS 6.5EG 6.52021-12-23
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP …
- CVE-2022-27649HIGHCVSS 7.5EG 7.52022-04-04
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process…
- CVE-2022-4122MEDIUMCVSS 5.3EG 5.32022-12-08
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
- CVE-2024-3056HIGHCVSS 7.7EG 4.82024-08-02
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The…
- CVE-2024-9407MEDIUMCVSS 4.7EG 4.72024-10-01
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. T…
- CVE-2025-4953HIGHCVSS 7.4EG 7.42025-09-16
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build con…
- CVE-2025-6032HIGHCVSS 8.3EG 8.32025-06-24
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
- CVE-2025-9566HIGHCVSS 8.1EG 8.12025-09-05
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a…
Check whether github.com/containers/podman is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/containers/podman CVEs against the assets you own.
Start Free Scan →