- How many CVEs does Docker have?
- Docker has 146 published CVE records since 2014, including 30 in the last two years.
- How many Docker CVEs are in CISA KEV?
- Yes — 1 of Docker's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Docker products have the most CVEs?
- The Docker products with the most published CVEs are docker, Docker Desktop, github.com/docker/docker, desktop, engine.
- What are the most common weakness types in Docker CVEs?
- Docker's CVEs most often map to these CWE weakness types: CWE-532 (Insertion of Sensitive Information into Log File), CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints), CWE-59 (Improper Link Resolution Before File Access ('Link Following')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- Are there public exploits for Docker vulnerabilities?
- Yes — 10 of Docker's CVEs have a known public exploit.
- How many critical Docker vulnerabilities are there?
- Docker has 23 critical and 68 high-severity CVEs.
- What is the average severity of Docker CVEs?
- The average CVSS base score across Docker's scored CVEs is 7.3.