docker-compose

Direct Vulnerabilities

Known vulnerabilities in the docker-compose package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2026-42505

<5.3.1-r1
  • L
CVE-2026-39822

<5.3.1-r1
  • L
CVE-2026-49834

<5.2.0-r0
  • L
Uncontrolled Memory Allocation

<5.2.0-r0
  • H
Symlink Following

*
  • L
Uncontrolled Search Path Element

*
  • L
CVE-2026-47262

<5.2.0-r0
  • L
CVE-2026-50195

<5.2.0-r0
  • L
Symlink Following

<5.2.0-r0
  • L
Improper Input Validation

<5.2.0-r0
  • L
Improper Input Validation

<5.2.0-r0
  • L
Improper Privilege Management

<5.2.0-r0
  • L
Cross-site Scripting (XSS)

*
  • L
GHSA-pmwq-pjrm-6p5r

<5.2.0-r0
  • L
Integer Overflow or Wraparound

<5.1.4-r1
  • L
Cross-site Scripting (XSS)

<5.1.4-r1
  • L
Out-of-Bounds

<5.1.4-r1
  • L
Incorrect Type Conversion or Cast

<5.1.4-r1
  • L
CVE-2026-39821

<5.1.4-r1
  • L
Resource Exhaustion

<5.1.4-r1
  • L
Deserialization of Untrusted Data

<5.1.4-r1
  • L
Improper Restriction of Rendered UI Layers or Frames

<5.1.4-r1
  • L
Improper Certificate Validation

<5.1.4-r1
  • L
Improper Restriction of Rendered UI Layers or Frames

<5.1.4-r1
  • L
CVE-2026-42504

<5.1.4-r1
  • L
CVE-2026-46598

<5.1.4-r1
  • L
Improper Certificate Validation

<5.1.4-r1
  • L
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

<5.1.4-r1
  • L
CVE-2026-27145

<5.1.4-r1
  • L
CVE-2026-46595

<5.1.4-r1
  • L
CVE-2026-42507

<5.1.4-r1
  • H
Off-by-one Error

*
  • L
Improper Restriction of Rendered UI Layers or Frames

<5.1.4-r1
  • L
CVE-2026-39824

<5.1.4-r0
  • L
Improper Verification of Cryptographic Signature

<5.1.4-r1
  • L
Improper Certificate Validation

<5.1.4-r1
  • L
Missing Authorization

<5.1.4-r1
  • L
Missing Authorization

<5.1.4-r1
  • L
Uncontrolled Memory Allocation

<5.1.2-r1
  • L
CVE-2026-42501

<5.1.3-r1
  • L
Improper Encoding or Escaping of Output

<5.1.3-r1
  • L
CVE-2026-39825

<5.1.3-r1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<5.1.3-r1
  • H
Double Free

<5.1.3-r1
  • L
CVE-2026-42499

<5.1.3-r1
  • M
Out-of-bounds Write

<5.1.3-r1
  • L
Cross-site Scripting (XSS)

<5.1.3-r1
  • M
Link Following

<5.1.3-r1
  • H
Allocation of Resources Without Limits or Throttling

<5.1.3-r1
  • H
NULL Pointer Dereference

<5.1.3-r1
  • H
Authentication Bypass

*
  • L
Allocation of Resources Without Limits or Throttling

<5.1.2-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<5.1.2-r0
  • C
CVE-2026-27143

<5.1.2-r0
  • H
Improper Certificate Validation

<5.1.2-r0
  • M
Link Following

<5.1.2-r0
  • M
Allocation of Resources Without Limits or Throttling

<5.1.2-r0
  • L
CVE-2026-32280

<5.1.2-r0
  • H
Allocation of Resources Without Limits or Throttling

<5.1.2-r0
  • H
Incorrect Authorization

<5.1.2-r0
  • H
Improper Certificate Validation

<5.1.2-r0
  • M
Cross-site Scripting (XSS)

<5.1.2-r0
  • H
Untrusted Search Path

<5.1.2-r1
  • C
Directory Traversal

<5.1.1-r2
  • H
Directory Traversal

<5.1.1-r2
  • L
Untrusted Search Path

<5.1.1-r1
  • L
Directory Traversal

<5.1.1-r1
  • L
Improper Authorization

<5.1.1-r1