Podman_project Podman
15 CVEs affecting Podman_project Podman. Latest disclosed: 2026-04-14. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-1227 | High | 8.8 | 2022-04-29 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded… |
CVE-2026-33414 | High | 7.8 | 2026-04-14 | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in… |
CVE-2024-3056 | High | 7.7 | 2024-08-02 | A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least… |
CVE-2022-2738 | High | 7.5 | 2022-09-01 | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for… |
CVE-2022-27649 | High | 7.5 | 2022-04-04 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), wh… |
CVE-2022-2989 | High | 7.1 | 2022-09-13 | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modificati… |
CVE-2021-20188 | High | 7.0 | 2021-02-11 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abus… |
CVE-2023-0778 | Medium | 6.8 | 2023-03-27 | A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while… |
CVE-2021-4024 | Medium | 6.5 | 2021-12-23 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` pro… |
CVE-2019-25067 | Medium | 6.3 | 2022-06-09 | A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation l… |
CVE-2021-20199 | Medium | 5.9 | 2021-02-02 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applic… |
CVE-2022-4122 | Medium | 5.3 | 2022-12-08 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. |
CVE-2022-2739 | Medium | 5.3 | 2022-09-01 | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for… |
CVE-2020-14370 | Medium | 5.3 | 2020-09-23 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible… |
CVE-2022-4123 | Low | 3.3 | 2022-12-08 | A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to co… |