github.com/sylabs/singularity (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/sylabs/singularity, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2019-11328 — CVSS 8.8 (high): An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could…
CVE-2020-25040 — CVSS 8.8 (high): Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build…
CVE-2020-15229 — CVSS 8.2 (high): Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path…
CVE-2020-25039 — CVSS 8.1 (high): Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container…
CVE-2018-19295 — CVSS 7.8 (high): Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
CVE-2020-13845 — CVSS 7.5 (high): Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy…
CVE-2019-19724 — CVSS 7.5 (high): Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could…
CVE-2021-32635 — CVSS 6.3 (medium): Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action…
CVE-2025-64750 — CVSS 4.5 (medium): SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if…