Chainguard-dev Apko
8 CVEs affecting Chainguard-dev Apko. Latest disclosed: 2026-05-09. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42575 | High | 7.5 | 2026-05-09 | apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but… |
| CVE-2026-42574 | High | 7.5 | 2026-05-09 | apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install… |
| CVE-2026-25140 | High | 7.5 | 2026-02-04 | apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromis… |
| CVE-2026-25121 | High | 7.5 | 2026-02-04 | apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was di… |
| CVE-2024-36127 | High | 7.5 | 2024-06-03 | apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed… |
| CVE-2025-53945 | High | 7.0 | 2025-07-18 | apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files wer… |
| CVE-2026-42576 | Medium | 6.5 | 2026-05-09 | apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unco… |
| CVE-2026-25122 | Medium | 5.5 | 2026-02-04 | apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip… |