Oras-project Oras-go
2 CVEs affecting Oras-project Oras-go. Latest disclosed: 2026-07-17. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-50151 | High | 7.5 | 2026-07-17 | oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-… |
CVE-2026-50163 | High | 7.1 | 2026-07-17 | oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the… |