Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

github.com/docker/distribution

Ecosystem:
go
Package URL:
pkg:golang/github.com/docker/distribution
Total PRs:
99 Dependabot PRs
Latest PR:
27 days ago
Unique Repositories:
79 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Docker Registry has Allocation of Resources Without Limits or Throttling
GHSA-h62f-wm92-2cmw CVE-2017-11468 HIGH published about 4 years ago • updated 2 months ago
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote atta...
distribution catalog API endpoint can lead to OOM via malicious user input
GHSA-hqxw-f8mx-cpmw CVE-2023-2253 HIGH published about 3 years ago • updated 2 months ago
### Impact Systems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of servi...
OCI Manifest Type Confusion Issue
GHSA-qq97-vm5h-rrhg LOW published over 4 years ago • updated about 2 months ago
### Impact Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. ### Patches Upgrade to at least `...
Recent PRs (filtered by: Merged )
RSS Feed Clear filter
Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible in /backend

h0lm0/pwnthemall #146

2.7.1+incompatible → 2.8.2+incompatible Minor PR
Merged 11 months ago
h0lm0
Bump the go_modules group across 1 directory with 10 updates

hopskipdrive/kube-fledged #1

2.8.1+incompatible → 2.8.3+incompatible Patch PR
Merged 12 months ago
hopskipdrive
Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in the go_modules group across 1 directory

LeBlueElephant/docker-oscal-cat #10

2.8.1+incompatible → 2.8.2+incompatible Patch PR
Merged about 1 year ago
LeBlueElephant
Bump the go_modules group across 6 directories with 9 updates

offsoc/Elkeid #4

2.8.1+incompatible → 2.8.2+incompatible Patch PR
Merged about 1 year ago
offsoc
Package Details
Name: github.com/docker/distribution
Ecosystem: go
PURL Type: golang
Package URL: pkg:golang/github.com/docker/distribution
JSON API: View JSON
Security Advisories

3

Active advisories
HIGH 2
LOW 1
View All golang Advisories
Package Information
Description:

Package distribution will define the interfaces for the components of docker distribution. The goal is to allow users to reliably package, ship and store content related to docker images. This is currently a work in progress. More details are available in the README.md.

Repository: https://github.com/docker/distribution
Homepage: https://github.com/docker/distribution
Latest Release: v2.8.3+incompatible
over 2 years ago
Dependent Repos: 33,614
Dependent Packages: 13,573
Ranking: Top 0.0323% by dependent repos Top 0.0188% by dependent pkgs
PR Status
Open 48 (48.5%)
Merged 4 (4.0%)
Closed 38 (38.4%)
PR Types
Major 1 (1.0%)
Minor 42 (42.4%)
Patch 47 (47.5%)