github.com/containers/podman/v3
Go
13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/containers/podman/v3
- CVE-2018-10856 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-07-03
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
- CVE-2019-18466 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-10-28
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container im…
- CVE-2021-20199 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 3.0.0 | 2021-02-02
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require…
- CVE-2021-4024 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.4.3 | 2021-12-23
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP …
- CVE-2022-1227 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.4 | 2022-04-29
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'pod…
- CVE-2022-27649 | HIGH | CVSS 7.5 | EG 7.5 | 2022-04-04
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process…
- CVE-2022-2989 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 3.0.1 | 2022-09-13
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementar…
- CVE-2022-4122 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-08
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
- CVE-2024-3056 | HIGH | CVSS 7.7 | EG 4.8 | 2024-08-02
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The…
- CVE-2024-9407 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-10-01
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. T…
- CVE-2025-4953 | HIGH | CVSS 7.4 | EG 7.4 | 2025-09-16
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build con…
- CVE-2025-6032 | HIGH | CVSS 8.3 | EG 8.3 | 2025-06-24
A flaw was found in Podman. The `podman machine init` command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue allows a man-in-the-middle attack.
- CVE-2025-9566 | HIGH | CVSS 8.1 | EG 8.1 | 2025-09-05
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a…