pkg:Go/github.com/distribution/distribution

All known vulnerabilities

• HIGH7.5CVE-2026-35172Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
  from 0, <= 2.8.3
• HIGH7.5CVE-2026-33540Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
  from 0, <= 2.8.3
• HIGH7.5CVE-2023-2253docker-registry - security update
  from 0, < 2.8.2-beta.1+incompatible
• MEDIUM6.5CVE-2026-41888Distribution's tag deletion bypasses `storage.delete.enabled` configuration
  from 0, <= 2.8.3
• —CVE-2025-24976Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution
  from 0