Oras-project Oras-go

2 CVEs affecting Oras-project Oras-go. Latest disclosed: 2026-07-17. Critical: 0, High: 2.

Top CVEs affecting Oras-project Oras-go
CVESeverityScorePublishedSummary
CVE-2026-50151High7.52026-07-17oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-…
CVE-2026-50163High7.12026-07-17oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the…