Chainguard-dev Melange
8 CVEs affecting Chainguard-dev Melange. Latest disclosed: 2026-04-24. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-24843 | High | 8.2 | 2026-02-04 | melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a… |
| CVE-2026-25143 | High | 7.8 | 2026-02-04 | melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch… |
| CVE-2026-24844 | High | 7.8 | 2026-02-04 | melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, bu… |
| CVE-2026-29050 | Medium | 6.1 | 2026-04-23 | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a… |
| CVE-2026-25145 | Medium | 5.5 | 2026-02-04 | melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configura… |
| CVE-2026-29051 | Medium | 4.4 | 2026-04-24 | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-re… |
| CVE-2025-54059 | Medium | 4.4 | 2025-07-18 | melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange… |
| CVE-2026-29049 | Medium | 4.3 | 2026-03-06 | melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via… |