Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

github.com/moby/moby

Ecosystem:
go
Package URL:
pkg:golang/github.com/moby/moby
Total PRs:
157 Dependabot PRs
Latest PR:
19 days ago
Unique Repositories:
39 repositories
Unique Repos (30 days):
17 repositories
Security Advisories
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
GHSA-2mm7-x5h6-5pvq CVE-2022-24769 MODERATE published over 1 year ago • updated 3 months ago
### Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities...
Path Traversal in Moby builder
GHSA-6hwg-w5jg-9c6x CVE-2020-27534 MODERATE published almost 2 years ago • updated 3 months ago
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, con...
moby Access to remapped root allows privilege escalation to real root
GHSA-7452-xqpj-6rpc CVE-2021-21284 MODERATE published almost 2 years ago • updated 3 months ago
### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `...
moby docker daemon crash during image pull of malicious image
GHSA-6fj5-m822-rqx8 CVE-2021-21285 MODERATE published almost 2 years ago • updated 3 months ago
### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 cont...
Moby Race Condition vulnerability
GHSA-2mj3-vfvx-fc43 CVE-2024-36621 HIGH published 11 months ago • updated 2 months ago
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurr...
View all 10 advisories
Recent PRs (filtered by: Closed , Patch PRs )
RSS Feed Clear filter
Bump the docker group with 2 updates

dependabot/cli #488

28.3.2+incompatible → 28.3.3+incompatible Patch PR
Closed 3 months ago 1 comment
dependabot
go: bump github.com/moby/moby from 28.3.0+incompatible to 28.3.2+incompatible in the docker group across 1 directory

inspektor-gadget/ig-desktop #233

28.3.0+incompatible → 28.3.2+incompatible Patch PR
Closed 3 months ago 1 comment
inspektor-gadget
Bump the docker group with 3 updates

dependabot/cli #480

28.3.0+incompatible → 28.3.2+incompatible Patch PR
Closed 3 months ago 1 comment
dependabot
Bump the all group across 1 directory with 8 updates

dependabot/cli #477

28.3.0+incompatible → 28.3.1+incompatible Patch PR
Closed 4 months ago 1 comment
dependabot
Package Details
Name: github.com/moby/moby
Ecosystem: go
PURL Type: golang
Package URL: pkg:golang/github.com/moby/moby
JSON API: View JSON
Security Advisories

10

Active advisories
HIGH 2
MODERATE 8
View All golang Advisories
Package Information
Description:

Repository: https://github.com/moby/moby
Homepage: https://github.com/moby/moby
Latest Release: v27.3.1+incompatible
about 1 year ago
Dependent Repos: 1,657
Dependent Packages: 461
Ranking: Top 0.1951% by dependent repos Top 0.1978% by dependent pkgs
PR Status
Open 73 (46.5%)
Merged 20 (12.7%)
Closed 58 (36.9%)
PR Types
Major 52 (33.1%)
Patch 29 (18.5%)
Minor 70 (44.6%)