pkg:Go/github.com/distribution/distribution/v3

3 total CVEsHIGH2MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2026-35172Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
    from 0, < 3.1.0
  • HIGH7.5CVE-2026-33540Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
    from 0, < 3.1.0
  • MEDIUM6.5CVE-2026-41888Distribution's tag deletion bypasses `storage.delete.enabled` configuration
    from 0, < 3.1.1