Every CVE whose affected-product data names Redhat Quay, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2021-3762 — CVSS 9.8 (critical): A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted…
CVE-2020-27832 — CVSS 9.0 (critical): A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's…
CVE-2022-1227 — CVSS 8.8 (high): A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this…
CVE-2019-3864 — CVSS 8.8 (high): A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific…
CVE-2019-9515 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2019-9517 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The…
CVE-2019-9518 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a…
CVE-2020-10735 — CVSS 7.5 (high): A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could…
CVE-2019-9511 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a…
CVE-2019-9513 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2026-32589 — CVSS 7.4 (high): A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry…
CVE-2026-32590 — CVSS 7.1 (high): A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the…
CVE-2022-2447 — CVSS 6.6 (medium): A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token…
CVE-2023-4959 — CVSS 6.5 (medium): A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the…
CVE-2026-2377 — CVSS 6.5 (medium): A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an…
CVE-2023-4956 — CVSS 6.5 (medium): A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a…
CVE-2025-4374 — CVSS 6.5 (medium): A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet…
CVE-2019-9516 — CVSS 6.5 (medium): Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2019-10205 — CVSS 6.3 (medium): A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red…
CVE-2019-3865 — CVSS 6.1 (medium): A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able…
CVE-2023-3384 — CVSS 5.4 (medium): A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by…
CVE-2026-6848 — CVSS 5.4 (medium): A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or…
CVE-2026-32591 — CVSS 5.2 (medium): A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry…
CVE-2026-2376 — CVSS 4.9 (medium): A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted…
CVE-2024-9683 — CVSS 4.8 (medium): A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw…
CVE-2020-14313 — CVSS 4.3 (medium): An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a…
CVE-2020-27831 — CVSS 4.3 (medium): A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for…
CVE-2024-5891 — CVSS 4.2 (medium): A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate…
CVE-2019-3867 — CVSS 4.1 (medium): A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access…