pkg:Go/github.com/opencontainers/runc
31 total CVEsHIGH16MEDIUM11LOW4
✅ Check your installed version
All known vulnerabilities
- >= 1.0.0-rc93, < 1.1.12
- >= 1.0.0-rc93, < 1.1.12
- HIGH7.8CVE-2025-31133Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runcfrom 0, < 1.2.8
- HIGH7.8CVE-2025-31133Container escape via "masked path" abuse due to mount race conditions in github.com/opencontainers/runcfrom 0, < 1.2.8, >= 1.3.0-rc.1, < 1.3.3, >= 1.4.0-rc.1, < 1.4.0-rc.3
- from 0, < 0.1.0
- from 0, < 0.1.0
- HIGH7.6CVE-2021-30465Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runcfrom 0, < 1.0.0-rc95
- HIGH7.6CVE-2021-30465Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runcfrom 0, < 1.0.0-rc95
- HIGH7.5CVE-2025-52881Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runcfrom 0, < 1.2.8, >= 1.3.0-rc.1, < 1.3.3, >= 1.4.0-rc.1, < 1.4.0-rc.3
- HIGH7.5CVE-2025-52881Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runcfrom 0, < 1.2.8
- HIGH7.5CVE-2025-52565Container escape with malicious config due to /dev/console mount and related races in github.com/opencontainers/runc>= 1.0.0-rc3, < 1.2.8
- HIGH7.5CVE-2025-52565Container escape with malicious config due to /dev/console mount and related races in github.com/opencontainers/runc>= 1.0.0-rc3, < 1.2.8, >= 1.3.0-rc.1, < 1.3.3, >= 1.4.0-rc.1, < 1.4.0-rc.3
- from 0, < 1.0.0-rc8.0.20190930145003-cad42f6e0932
- from 0, < 1.0.0-rc8.0.20190930145003-cad42f6e0932
- HIGH7.0CVE-2023-27561Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc>= 1.0.0-rc95, < 1.1.5
- HIGH7.0CVE-2023-27561Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc>= 1.0.0-rc95, < 1.1.5
- from 0, < 1.0.0-rc3
- from 0, < 1.0.0-rc3
- from 0, < 1.1.5
- from 0, < 1.1.5
- MEDIUM6.0CVE-2021-43784Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunCfrom 0, < 1.0.3
- MEDIUM6.0CVE-2021-43784Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC>= 1.0.1-0.20211012131345-9c444070ec7b, < 1.1.0
- MEDIUM5.9CVE-2025-27612Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66from 0
- MEDIUM5.9CVE-2022-29162Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runcfrom 0, < 1.1.2
- MEDIUM5.9CVE-2022-29162Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runcfrom 0, < 1.1.2
- from 0, < 1.0.0-rc9.0.20200122160610-2fc03cc11c77
- from 0, < 1.0.0-rc9.0.20200122160610-2fc03cc11c77
- LOW3.6CVE-2024-45310Can be confused to create empty files/directories on the host in github.com/opencontainers/runcfrom 0, < 1.1.14
- LOW3.6CVE-2024-45310Can be confused to create empty files/directories on the host in github.com/opencontainers/runcfrom 0, < 1.1.14, >= 1.2.0-rc.1, < 1.2.0-rc.3
- LOW2.5CVE-2023-25809Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runcfrom 0, < 1.1.5
- LOW2.5CVE-2023-25809Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runcfrom 0, < 1.1.5