71 Total CVEs
57 AI Analyzed
0 CISA KEV
39 Critical
All Vendors
Showing 1-71 of 71 CVEs
CVE-2026-7061
Analyzed
7.3
Docker chatgpt-mcp-server

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0

2026-04-27
CVE-2026-6406
Analyzed
8.8
Docker CLI

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop

2026-05-30
CVE-2026-58053
Analyzed
9.9
Docker act_runner

A container escape vulnerability in Gitea act_runner allows authenticated users to gain root access to the host machine by manipulating container opti...

2026-06-28
CVE-2026-57572
Analyzed
10
Docker Crawl4ai

Crawl4ai is vulnerable to command injection via the Docker API, allowing unauthenticated attackers to execute arbitrary commands on the host by inject...

2026-07-07
CVE-2026-56265
Analyzed
9.8
Docker Crawl4AI

Crawl4AI versions before 0.8.7 contain an authentication bypass vulnerability due to a hardcoded JWT signing key in the Docker API server.

2026-06-22
CVE-2026-53576
Analyzed
10
Docker Kestra

An authentication bypass vulnerability in Kestra allows unauthenticated attackers to execute arbitrary code as root by manipulating API requests.

2026-06-27
CVE-2026-53488
Analyzed
9.4
Docker containerd

Containerd fails to validate image configuration labels, potentially allowing attackers to execute arbitrary commands on the host system.

2026-07-01
CVE-2026-47208
Analyzed
10
Docker vm2

A sandbox breakout vulnerability in vm2 allows unauthenticated attackers to execute arbitrary commands on the host system via promise manipulation.

2026-06-13
CVE-2026-47125
Analyzed
8.8
Docker containers

Arcane is an interface for managing Docker containers, images, networks, and volumes

2026-05-30
CVE-2026-46386
Analyzed
9.9
Docker OpenProject

A default, insecure secret key configuration in the official OpenProject Docker image allows authenticated users to achieve remote code execution via...

2026-06-27
CVE-2026-45663
Analyzed
9.9
Docker PaaS

Dokploy contains a command injection vulnerability in its Docker file upload functionality that allows authenticated users to execute arbitrary OS com...

2026-05-30
CVE-2026-45662
Analyzed
8.8
Docker logout

Dokploy is a free, self-hostable Platform as a Service (PaaS)

2026-05-30
CVE-2026-45633
Analyzed
9.9
Docker PaaS

Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint that allows authenticated users to execute arbitra...

2026-05-30
CVE-2026-45298
Analyzed
8.6
Docker containers

Dozzle is a realtime log viewer for docker containers

2026-05-29
CVE-2026-44850
Analyzed
8.5
Docker API

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubern...

2026-05-29
CVE-2026-44849
Analyzed
8.8
Docker Portainer Community Edition / Swarm

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubern...

2026-06-02
CVE-2026-44848
Analyzed
8.8
Docker Portainer Community Edition

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubern...

2026-06-02
CVE-2026-44346
Analyzed
8.8
Docker build

BentoML is a Python library for building online serving systems optimized for AI apps and model inference

2026-05-28
CVE-2026-44345
Analyzed
8.8
Docker build which

BentoML is a Python library for building online serving systems optimized for AI apps and model inference

2026-05-28
CVE-2026-42869
Analyzed
10
Docker Compose setup

SOCFortress CoPilot uses a hardcoded JWT signing secret, allowing unauthenticated attackers to forge administrative tokens.

2026-05-12
CVE-2026-42596
Analyzed
9.4
Docker Gotenberg

A bypass of Gotenberg's URL deny-list allows an unauthenticated attacker to force the server to make outbound requests to internal-only targets.

2026-05-15
CVE-2026-42595
8.6
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-42591
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-42590
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-42589
Analyzed
9.8
Docker Gotenberg

A command injection vulnerability in the Gotenberg PDF API allows unauthenticated remote attackers to execute OS commands via malicious JSON metadata.

2026-05-15
CVE-2026-42454
Analyzed
9.9
Docker container management

Termix is vulnerable to OS command injection in its Docker management endpoints, leading to remote code execution.

2026-05-09
CVE-2026-42088
Analyzed
9.6
Docker database

A vulnerability in the OpenC3 COSMOS Script Runner widget allows authenticated users to bypass permissions and perform administrative actions on Redis...

2026-05-05
CVE-2026-41278
7.5
Docker validation revealed

Flowise is a drag & drop user interface to build a customized large language model flow

2026-04-25
CVE-2026-40893
8.2
Docker Multiple Products

Gotenberg is a Docker-powered stateless API for PDF files

2026-05-15
CVE-2026-40313
Analyzed
9.1
Docker Actions workflows

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known cred...

2026-04-14
CVE-2026-40281
Analyzed
10
Docker Gotenberg

Gotenberg contains a command injection vulnerability where unsanitized metadata values allow attackers to manipulate ExifTool arguments, leading to ar...

2026-05-07
CVE-2026-40242
7.2
Docker containers

Arcane is an interface for managing Docker containers, images, networks, and volumes

2026-04-12
CVE-2026-40089
Analyzed
9.9
Docker Compose stack

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side...

2026-04-10
CVE-2026-39386
8.8
Docker and uses

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3

2026-04-21
CVE-2026-35036
7.5
Docker bridge

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing

2026-04-07
CVE-2026-34612
Analyzed
9.9
Docker Kestra

A SQL Injection vulnerability in Kestra's flow search endpoint allows authenticated users to execute arbitrary OS commands on the host via PostgreSQL'...

2026-04-04
CVE-2026-34205
Analyzed
9.6
Docker Home Assistant (Supervisor)

Home Assistant Supervisor fails to restrict access to internal Docker endpoints when using host network mode on Linux, exposing unauthenticated manage...

2026-03-28
CVE-2026-34038
Analyzed
9.9
Docker Coolify

Coolify contains an authenticated remote command injection vulnerability in application deployment handling, allowing remote code execution and sensit...

2026-07-07
CVE-2026-33747
Analyzed
8.4
Docker BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner

2026-03-27
CVE-2026-33744
7.8
Docker build

BentoML is a Python library for building online serving systems optimized for AI apps and model inference

2026-03-28
CVE-2026-33588
8.1
Docker container via

Lack of user input validation in the file upload functionality of Open Notebook v1

2026-05-08
CVE-2026-33587
Analyzed
10
Docker container via

A Server-Side Template Injection (SSTI) vulnerability in Open Notebook v1.8.3 allows authenticated users to execute arbitrary Python code and OS comma...

2026-05-08
CVE-2026-33037
8.1
Docker deployment files

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-32038
Analyzed
9.8
Docker OpenClaw

OpenClaw versions before 2026.2.24 contain a sandbox network isolation bypass vulnerability allowing trusted operators to access other container netwo...

2026-03-20
CVE-2026-30929
Analyzed
7.7
Docker ImageMagick

ImageMagick is free and open-source software used for editing and manipulating digital images

2026-03-10
CVE-2026-28479
7.5
Docker and browser

OpenClaw versions prior to 2026

2026-03-07
CVE-2026-28406
Analyzed
8.2
Docker Kaniko

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster

2026-02-28
CVE-2026-28400
Analyzed
7.5
Docker Model Runner

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker

2026-02-28
CVE-2026-27899
8.8
Docker images for

WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management

2026-02-26
CVE-2026-27208
Analyzed
9.2
Docker api-gateway-deploy

A critical attack chain involving OS command injection and privilege escalation in api-gateway-deploy allows for root-level execution and container es...

2026-02-25
CVE-2026-27002
Analyzed
9.8
Docker tool sandbox

OpenClaw's Docker tool sandbox is vulnerable to configuration injection, allowing dangerous Docker options that can lead to container escape and host...

2026-02-21
CVE-2026-26217
8.6
Docker API deployment

Crawl4AI versions prior to 0

2026-02-13
CVE-2026-26216
Analyzed
10
Docker API deployment

Crawl4AI versions prior to 0.8.0 allow unauthenticated remote code execution via the `/crawl` endpoint by exploiting the `hooks` parameter to import a...

2026-02-13
CVE-2026-25520
Analyzed
10
Docker SandboxJS

SandboxJS is vulnerable to a sandbox escape via unwrapped function return values. Attackers can access the host's Function constructor to execute arbi...

2026-02-07
CVE-2026-25142
Analyzed
10
Docker Multiple Products

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain protot...

2026-02-03
CVE-2026-24841
Analyzed
9.9
Docker Multiple Products

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokpl...

2026-01-28
CVE-2026-24129
Analyzed
8
Docker Multiple Products

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server

2026-01-23
CVE-2026-24118
Analyzed
9.8
Docker vm2

A sandbox breakout vulnerability in the Node.js vm2 library allows attackers to escape the sandbox and execute arbitrary commands on the host system.

2026-05-05
CVE-2026-23846
Analyzed
8.1
Docker Multiple Products

Tugtainer is a self-hosted app for automating updates of Docker containers

2026-01-20
CVE-2026-23520
Analyzed
9
Docker Multiple Products

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported l...

2026-01-16
CVE-2026-22709
Analyzed
9.8
Docker Multiple Products

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization...

2026-01-27
CVE-2026-20896
Analyzed
9.8
Docker Gitea Open Source Git Server

A default configuration error in Gitea Docker images allows unauthenticated attackers to spoof user identities via reverse-proxy authentication header...

2026-07-04
CVE-2026-0863
Analyzed
8.5
Docker Multiple Products

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted...

2026-01-19
CVE-2025-69222
Analyzed
9.1
Docker Multiple Products

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing...

2026-01-08
CVE-2025-66570
Analyzed
10
Docker Multiple Products

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP hea...

2025-12-06
CVE-2025-64419
Analyzed
9.6
Docker Multiple Products

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming...

2026-01-06
CVE-2025-53909
Analyzed
9.1
Docker Multiple Products

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions...

2025-07-17
CVE-2025-49655
Analyzed
9.8
Docker Multiple Products

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a mali...

2025-10-17
CVE-2025-14707
Analyzed
9.8
Docker Multiple Products

A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the co...

2025-12-15
CVE-2025-12970
Analyzed
8.8
Docker Multiple Products

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length

2025-11-25
CVE-2023-27573
Analyzed
9
Docker before

NetBox-docker versions before 2.5.0 contain a superuser account with default credentials and a static API token, potentially allowing unauthorized adm...

2026-03-11