buildah vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the buildah package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Reachable Assertion	<2:1.41.8-1.0.1.el9_7
H CVE-2025-58183	<2:1.41.6-1.0.1.el9_7
H Symlink Following	<2:1.41.6-1.0.1.el9_7
M CVE-2025-22871	<2:1.39.4-2.0.1.el9_6
M Allocation of Resources Without Limits or Throttling	<2:1.39.4-1.0.1.el9_6
H Improper Privilege Management	<2:1.37.6-1.0.1.el9_5
H Directory Traversal	<2:1.37.5-1.0.1.el9_5
H Improper Input Validation	<2:1.37.5-1.0.1.el9_5
M Improper Validation of Integrity Check Value	<2:1.37.2-1.0.1.el9
M CVE-2024-24791	<2:1.37.2-1.0.1.el9
H Directory Traversal	<2:1.37.5-1.0.1.el9_5
H Link Following	<2:1.37.5-1.0.1.el9_5
H CVE-2024-34158	<2:1.37.5-1.0.1.el9_5
H CVE-2024-34156	<2:1.37.5-1.0.1.el9_5
H CVE-2024-34155	<2:1.37.5-1.0.1.el9_5
M CVE-2024-24783	<2:1.33.7-4.0.1.el9_4
H Memory Leak	<2:1.33.7-3.0.1.el9_4
M CVE-2024-28176	<2:1.33.7-2.0.1.el9_4
M CVE-2023-45290	<2:1.33.7-2.0.1.el9_4
M CVE-2024-28180	<2:1.33.7-2.0.1.el9_4
M CVE-2024-24786	<2:1.33.7-1.0.1.el9_4
M CVE-2023-39326	<2:1.33.6-2.0.1.el9
M Information Exposure	<2:1.33.6-2.0.1.el9
H Link Following	<1:1.31.5-1.0.1.el9_3
M Improper Validation of Integrity Check Value	<1:1.31.4-1.0.1.el9_3
M Cross-site Scripting (XSS)	<1:1.31.3-2.0.1.el9_3
M Allocation of Resources Without Limits or Throttling	<1:1.31.3-2.0.1.el9_3
M CVE-2023-39321	<1:1.31.3-2.0.1.el9_3
M Cross-site Scripting (XSS)	<1:1.31.3-2.0.1.el9_3
M Resource Exhaustion	<1:1.31.3-2.0.1.el9_3
M Allocation of Resources Without Limits or Throttling	<1:1.31.3-1.0.1.el9
M Resource Exhaustion	<1:1.31.3-1.0.1.el9
M Incorrect Authorization	<1:1.31.3-1.0.1.el9
M Arbitrary Code Injection	<1:1.31.3-1.0.1.el9
M Arbitrary Code Injection	<1:1.31.3-1.0.1.el9
M CVE-2022-41723	<1:1.31.3-1.0.1.el9
M Interpretation Conflict	<1:1.31.3-1.0.1.el9
M CVE-2023-24540	<1:1.31.3-1.0.1.el9
M Arbitrary Code Injection	<1:1.31.3-1.0.1.el9
M Resource Exhaustion	<1:1.31.3-1.0.1.el9
M Allocation of Resources Without Limits or Throttling	<1:1.31.3-1.0.1.el9
M Allocation of Resources Without Limits or Throttling	<1:1.29.1-1.0.1.el9
M CVE-2021-33198	<1:1.27.0-2.0.1.el9
M Placement of User into Incorrect Group	<1:1.27.0-2.0.1.el9
M Placement of User into Incorrect Group	<1:1.27.0-2.0.1.el9
M CVE-2022-27191	<1:1.27.0-2.0.1.el9
M Use of Insufficiently Random Values	<1:1.29.1-1.0.1.el9
M Arbitrary Code Injection	<1:1.27.0-2.0.1.el9
M Missing Authorization	<1:1.27.0-2.0.1.el9
M Improper Locking	<1:1.27.0-2.0.1.el9

Vulnerability

Vulnerable Version

Reachable Assertion

<2:1.41.8-1.0.1.el9_7