An open index of dependabot pull requests across open source projects.

github.com/moby/moby

Ecosystem:
go
Package URL:
pkg:golang/github.com/moby/moby
Total PRs:
166 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
39 repositories
Unique Repos (30 days):
1 repository
Security Advisories
moby docker daemon crash during image pull of malicious image
GHSA-6fj5-m822-rqx8 CVE-2021-21285 MODERATE published about 2 years ago • updated 4 days ago
### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 cont...
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
GHSA-2mm7-x5h6-5pvq CVE-2022-24769 MODERATE published almost 2 years ago • updated 1 day ago
### Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities...
Moby (Docker Engine) Insufficiently restricted permissions on data directory
GHSA-3fwx-pjgw-3558 CVE-2021-41091 MODERATE published about 2 years ago • updated 6 days ago
## Impact A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficien...
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
GHSA-vfjc-2qcw-j95j CVE-2017-16539 MODERATE published almost 4 years ago • updated 5 days ago
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to t...
Moby Race Condition vulnerability
GHSA-2mj3-vfvx-fc43 CVE-2024-36621 HIGH published about 1 year ago • updated 3 days ago
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurr...
Recent PRs
Bump the docker group across 1 directory with 5 updates

dependabot/cli #555

28.5.1+incompatible → 28.5.2+incompatible Patch PR
Open about 1 month ago 2 comments
dependabot
build(deps): bump the project-dependency group with 14 updates

runfinch/finch-daemon #379

28.3.3+incompatible → 28.5.2+incompatible Minor PR
Closed about 2 months ago 1 comment
runfinch
Bump the docker group across 1 directory with 4 updates

dependabot/cli #553

28.5.1+incompatible → 28.5.2+incompatible Patch PR
Closed about 2 months ago 1 comment
dependabot
go: bump the docker group across 1 directory with 4 updates

eiffel-fl/inspektor-gadget #351

28.2.2+incompatible → 28.5.2+incompatible Minor PR
Closed 3 months ago 1 comment
eiffel-fl
go: bump the docker group across 1 directory with 4 updates

eiffel-fl/inspektor-gadget #350

28.2.2+incompatible → 28.5.2+incompatible Minor PR
Closed 3 months ago 1 comment
eiffel-fl
go: bump the docker group across 1 directory with 4 updates

eiffel-fl/inspektor-gadget #349

28.2.2+incompatible → 28.5.2+incompatible Minor PR
Closed 3 months ago 1 comment
eiffel-fl
Bump the docker group with 4 updates

dependabot/cli #521

28.4.0+incompatible → 28.5.0+incompatible Minor PR
Open 5 months ago
dependabot
chore(deps): bump the dependencies group with 17 updates

Scalingo/sand #307

28.3.3+incompatible → 28.4.0+incompatible Minor PR
Open 5 months ago
Scalingo
build(deps): bump the docker group with 6 updates

SherfeyInv/brew #136

27.3.1+incompatible → 28.4.0+incompatible Major PR
Open 5 months ago 2 comments
SherfeyInv
Bump the docker group with 4 updates

dsp-testing/dpabot-cli #10

28.2.2+incompatible → 28.4.0+incompatible Minor PR
Closed 5 months ago 1 comment
dsp-testing
Bump the docker group with 4 updates

dsp-testing/dpabot-cli-4 #7

28.2.2+incompatible → 28.4.0+incompatible Minor PR
Open 5 months ago
dsp-testing
Bump the docker group with 4 updates

robaiken/dpabot-cli-2 #1

28.2.2+incompatible → 28.4.0+incompatible Minor PR
Closed 5 months ago 1 comment
robaiken
Bump the all group across 1 directory with 17 updates

dependabot/cli #512

28.3.3+incompatible → 28.4.0+incompatible Minor PR
Merged 5 months ago
dependabot
Bump the docker group with 3 updates

dependabot/cli #510

28.3.3+incompatible → 28.4.0+incompatible Minor PR
Closed 5 months ago 1 comment
dependabot
Bump the all group across 1 directory with 19 updates

dsp-testing/dpabot-cli #8

28.2.2+incompatible → 28.4.0+incompatible Minor PR
Open 5 months ago 1 comment
dsp-testing
Bump the all group across 1 directory with 19 updates

dsp-testing/dpabot-cli-2 #8

28.2.2+incompatible → 28.4.0+incompatible Minor PR
Closed 5 months ago 1 comment
dsp-testing
Bump the all group across 1 directory with 15 updates

dependabot/cli #509

28.3.3+incompatible → 28.4.0+incompatible Minor PR
Open 5 months ago
dependabot
build(deps): bump the gomod group with 8 updates

chainguard-dev/melange #2126

28.3.2+incompatible → 28.3.3+incompatible Patch PR
Merged 6 months ago 1 comment
chainguard-dev
Package Details
Name: github.com/moby/moby
Ecosystem: go
PURL Type: golang
Package URL: pkg:golang/github.com/moby/moby
JSON API: View JSON
Security Advisories

9

Active advisories
HIGH 2
MODERATE 7
View All golang Advisories
Package Information
Description:

Repository: https://github.com/moby/moby
Homepage: https://github.com/moby/moby
Latest Release: v27.3.1+incompatible
over 1 year ago
Dependent Repos: 1,657
Dependent Packages: 461
Ranking: Top 0.1951% by dependent repos Top 0.1978% by dependent pkgs
PR Status
Open 75 (45.2%)
Merged 20 (12.0%)
Closed 65 (39.2%)
PR Types
Major 54 (32.5%)
Patch 32 (19.3%)
Minor 74 (44.6%)