VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/distribution/distribution

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-35172 high 7.5 7.5 2mo ago Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
CVE-2026-41888 medium 6.5 6.5 20d ago Distribution's tag deletion bypasses `storage.delete.enabled` configuration
CVE-2026-33540 unknown 2mo ago Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
CVE-2025-24976 unknown 1y ago Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution
CVE-2023-2253 unknown 3y ago Memory exhaustion in github.com/distribution/distribution