github.com/moby/buildkit (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/moby/buildkit, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2024-23652 — CVSS 10.0 (critical): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit…
CVE-2024-23653 — CVSS 9.8 (critical): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to…
CVE-2024-23651 — CVSS 8.7 (high): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build…
CVE-2026-33747 — CVSS 8.4 (high): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version…
CVE-2026-33748 — CVSS 7.5 (high): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version…
CVE-2023-26054 — CVSS 6.5 (medium): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions…
CVE-2024-23650 — CVSS 5.3 (medium): BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit…