zotregistry.dev/zot vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-31801Highzotregistry.dev/zot/v2: zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required)CVE-2025-48374Mediumzotregistry.dev/zot: zot logs secretsCVE-2025-23208Highzotregistry.dev/zot: Zot IdP group membership revocation ignoredCVE-2024-39897Mediumzotregistry.io/zot: Cache driver GetBlob() allows read access to any blob without access control check

Stop the waste.
Protect your environment with Kodem.