chainguard.dev/apko vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-42575Highchainguard.dev/apko: apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution…CVE-2026-42574Highchainguard.dev/apko: apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the…CVE-2026-42576Mediumchainguard.dev/apko: apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discoveryCVE-2026-25140Highchainguard-dev/apko: apko affected by potential unbounded resource consumption in expandapk.ExpandApk on…CVE-2026-25122Mediumchainguard.dev/apko: apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk…CVE-2026-25121Highchainguard.dev/apko: apko has a path traversal in apko dirFS which allows filesystem writes outside baseCVE-2025-53945Highchainguard.dev/apko: apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other filesCVE-2024-36127Highchainguard.dev/apko: apko Exposure of HTTP basic auth credentials in log output

Stop the waste.
Protect your environment with Kodem.