Github.Com Apptainer Apptainer vulnerabilities
4 known vulnerabilities affecting github.com/apptainer_apptainer.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-30549P3MEDIUMCVSS 5.5≥ 0, < 1.1.82023-04-25
CVE-2023-30549 [MEDIUM] CWE-416 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
### Impact
There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unle
ghsaosv
CVE-2025-65105P4MEDIUM≥ 0, < 1.4.52025-12-02
CVE-2025-65105 [MEDIUM] CWE-61 Apptainer ineffectively applies selinux and apparmor --security options
Apptainer ineffectively applies selinux and apparmor --security options
### Impact
In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used `--security` option, in particular the forms `--security=apparmor:` and `--security=selinux:` which otherwise put restrictions on operations that containers can do. The `--security` option has always been mentioned
ghsaosv
CVE-2023-38496P4MEDIUM≥ 1.2.0, < 1.2.12023-07-25
CVE-2023-38496 [MEDIUM] CWE-269 Ineffective privileges drop when requesting container network
Ineffective privileges drop when requesting container network
### Impact
Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an attacker could possibly craft a starter c
ghsaosv
CVE-2026-48785MEDIUM≥ 0, < 1.5.12026-06-26
CVE-2026-48785 [MEDIUM] CWE-22 Apptainer has incorrect path matching for 'limit container paths' directive
Apptainer has incorrect path matching for 'limit container paths' directive
### Impact
The `limit container paths directive` in `apptainer.conf` is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.
For example, the conf
ghsa