140 CVEs

1 in CISA KEV

docker Vulnerabilities

CVE security advisories and vulnerability history for docker.

140

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

10

Public exploits

With known exploit

6.6

Avg CVSS

2014–2026

Overview

docker has 140 published CVE records since 2014, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 10 have a known public exploit. The average CVSS base score across scored CVEs is 6.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting docker products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of docker's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical4

High31

Medium37

Low6

62 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of docker's CVEs is confirmed exploited in the wild.

Public exploits

10

10 of docker's CVEs have a known public exploit available.

Most affected products

The docker products with the most published CVEs.

docker53 CVEs
Docker Desktop35 CVEs
github.com/docker/docker30 CVEs
moby20 CVEs
desktop14 CVEs
Security Verify Access Docker14 CVEs
security verify access14 CVEs
github.com/moby/moby12 CVEs

Common weakness types

The CWE weakness categories most often found in docker CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish docker CVE records.

Disclosure activity by year

How many docker CVEs were published each year.

2019

12

2020

22

2021

21

2022

9

2023

19

2024

9

2025

14

2026

10

Latest docker CVEs

The most recently disclosed vulnerabilities affecting docker.

Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM
CWE-674
High · CVSS 8.2
2026-06-02
Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading
CWE-829
High · CVSS 8.8
EPSS 0.0%2026-05-22
Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
CWE-829
High · CVSS 8.8
EPSS 0.0%2026-05-22
Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
CWE-863
High · CVSS 8.8
EPSS 0.0%2026-05-22
Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
CWE-918
High · CVSS 7.0
EPSS 0.0%2026-04-01
Moby: Off-by-one error in plugin privilege validation
CWE-193
Medium · CVSS 6.8
EPSS 0.0%2026-03-31
Moby: AuthZ plugin bypass with oversized request body
CWE-288
High · CVSS 8.8
EPSS 0.0%2026-03-31
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CWE-427
High · CVSS 7.0
EPSS 0.0%2026-03-04
Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint
CWE-749
High · CVSS 7.6
EPSS 0.0%2026-02-27
Out of bounds read vulnerability in grpcfuse kernel module
CWE-125
Medium · CVSS 6.8
EPSS 0.0%2026-02-24
Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
CWE-532
Low · CVSS 2.4
EPSS 0.0%2025-12-09
DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode
CWE-749
High · CVSS 7.3
EPSS 0.0%2025-12-03

Track new docker CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor docker CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about docker vulnerabilities.

How many CVEs does docker have?

docker has 140 published CVE records since 2014, including 24 in the last two years.

How many docker CVEs are in CISA KEV?

Yes — 1 of docker's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which docker products have the most CVEs?

The docker products with the most published CVEs are docker, Docker Desktop, github.com/docker/docker, moby, desktop.

What are the most common weakness types in docker CVEs?

docker's CVEs most often map to these CWE weakness types: CWE-532 (Insertion of Sensitive Information into Log File), CWE-863 (Incorrect Authorization), CWE-59 (Improper Link Resolution Before File Access ('Link Following')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Are there public exploits for docker vulnerabilities?

Yes — 10 of docker's CVEs have a known public exploit.

How many critical docker vulnerabilities are there?

docker has 4 critical and 31 high-severity CVEs.

What is the average severity of docker CVEs?

The average CVSS base score across docker's scored CVEs is 6.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track docker vulnerabilities

Monitor new docker vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing