VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/distribution/distribution

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-35172 high 7.5 7.5 2mo ago Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation debiansusegolang
CVE-2026-41888 medium 6.5 6.5 14d ago Distribution's tag deletion bypasses `storage.delete.enabled` configuration debiansusegolang
CVE-2026-33540 unknown 2mo ago Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm debiansusegolang
CVE-2025-24976 unknown 1y ago Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution debiansusegolang
CVE-2023-2253 unknown 3y ago Memory exhaustion in github.com/distribution/distribution debiansusegolang