github.com/sylabs/singularity
Go · 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/sylabs/singularity (page 1 of 1)
- CVE-2018-19295 · HIGH · CVSS 7.8 · EG 7.8 · ✓ Fixed in 2.6.1 · 2018-12-17
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
- CVE-2019-11328 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 3.2.0 · 2019-05-14
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/sin…
- CVE-2019-19724 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.5.2 · 2019-12-18
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud…
- CVE-2020-13845 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.6.0 · 2020-07-14
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descripto…
- CVE-2020-13846 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.6.0 · 2020-07-14
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
- CVE-2020-15229 · HIGH · CVSS 8.2 · EG 8.2 · ✓ Fixed in 3.6.4 · 2020-10-14
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any …
- CVE-2020-25039 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 3.6.3 · 2020-09-16
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
- CVE-2020-25040 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 3.6.3 · 2020-09-16
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
- CVE-2021-32635 · MEDIUM · CVSS 6.3 · EG 6.3 · ✓ Fixed in 3.7.4 · 2021-05-28
Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt t…
- CVE-2025-64750 · MEDIUM · CVSS 4.5 · EG 4.5 · 2025-12-02
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances,…