zotregistry.dev/zot (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package zotregistry.dev/zot, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-31801 — CVSS 7.7 (high): zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s…
CVE-2025-23208 — CVSS 7.3 (high): zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an…
CVE-2025-48374: zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3…
CVE-2024-39897 — CVSS 4.3 (medium): zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If…