pkg:Go/github.com/moby/moby

27 total CVEsCRITICAL2HIGH6MEDIUM17LOW2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2024-41110docker.io - security update
    >= 20.10.0+incompatible, < 25.0.6+incompatible, >= 26.0.0+incompatible, < 26.1.5+incompatible, >= 27.0.0+incompatible, < 27.1.1+incompatible
  • CRITICAL9.8CVE-2019-14271Moby Docker cp broken with debian containers in github.com/docker/docker
    from 0, < 20.10.0-beta1+incompatible
  • HIGH8.8CVE-2026-34040Moby has AuthZ plugin bypass when provided oversized request bodies
    from 0
  • HIGH8.8CVE-2026-34040Moby has AuthZ plugin bypass when provided oversized request bodies
    from 0, < 29.3.1
  • HIGH8.1CVE-2024-36623Moby Race Condition vulnerability
    from 0, < 26.0.0+incompatible
  • HIGH8.1CVE-2024-36623Moby Race Condition vulnerability
    from 0, < 25.0.4
  • HIGH7.2CVE-2026-42306Docker: Race condition in docker cp allows bind mount redirection to host path
    from 0, <= 28.5.2
  • HIGH7.2CVE-2026-41567Docker: `PUT /containers/{id}/archive` executes container binary on the host
    from 0, <= 28.5.2
  • MEDIUM6.9CVE-2024-24557Classic builder cache poisoning in github.com/docker/docker
    from 0, < 24.0.9+incompatible, >= 25.0.0+incompatible, < 25.0.2+incompatible
  • MEDIUM6.9CVE-2024-24557Classic builder cache poisoning in github.com/docker/docker
    from 0, < 24.0.9
  • MEDIUM6.8CVE-2026-33997Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
    from 0
  • MEDIUM6.8CVE-2026-33997Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
    from 0
  • MEDIUM6.8CVE-2021-21284moby Access to remapped root allows privilege escalation to real root
    from 0, < 19.3.15
  • MEDIUM6.5CVE-2024-36620NULL Pointer Dereference on moby image history
    >= 25.0.0, < 26.1.0
  • MEDIUM6.5CVE-2024-36621Moby Race Condition vulnerability
    from 0, < 26.0.0
  • MEDIUM6.5CVE-2024-36620NULL Pointer Dereference on moby image history
    >= 25.0.0+incompatible, < 26.1.0+incompatible
  • MEDIUM6.5CVE-2024-36621Moby Race Condition vulnerability
    from 0, < 26.0.0+incompatible
  • MEDIUM6.5CVE-2021-21285moby docker daemon crash during image pull of malicious image
    from 0, < 19.3.15
  • MEDIUM6.1CVE-2026-41568Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
    from 0, <= 28.5.2
  • MEDIUM5.9CVE-2022-24769Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
    from 0, < 20.10.14+incompatible
  • MEDIUM5.9CVE-2022-24769Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
    from 0, < 20.10.14
  • MEDIUM5.9CVE-2021-41091Moby (Docker Engine) Insufficiently restricted permissions on data directory
    from 0, < 20.10.9+incompatible
  • MEDIUM5.9CVE-2021-41091Moby (Docker Engine) Insufficiently restricted permissions on data directory
    from 0, < 20.10.9
  • MEDIUM5.9CVE-2017-16539Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
    from 0, < 17.12.0-ce
  • MEDIUM5.3CVE-2020-27534Path Traversal in Moby builder
    from 0, < 19.03.9
  • LOW3.0CVE-2021-41190Clarify Content-Type handling
    from 0, < 20.10.11+incompatible
  • LOW2.8CVE-2021-41089Unexpected chmod of host files via 'docker cp' in Moby Docker Engine in github.com/docker/docker
    from 0, < 20.10.9+incompatible