{"package":"zotregistry.dev/zot","ecosystem":"go","latest_version":"v1.4.3","description":"","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"https://pkg.go.dev/zotregistry.dev/zot","repository":"","downloads_weekly":0,"health":{"score":26,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":11,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":8,"critical":0,"high":2,"medium":2,"low":4,"details":[{"vuln_id":"CVE-2024-39897","severity":"medium","summary":"Cache driver GetBlob() allows read access to any blob without access control check","affected_versions":"<2.1.0|<2.1.0","fixed_version":"2.1.0","source":"osv","published_at":"2024-07-09T21:04:00Z","in_kev":false,"epss_prob":0.00361,"epss_percentile":0.5822,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31801","severity":"high","summary":"zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required)","affected_versions":"<2.1.15|>=1.3.0-20210831063041-c8779d9e87d9,<=1.4.4-20251014054906-73eef25681af","fixed_version":"2.1.15","source":"osv","published_at":"2026-03-10T23:44:25Z","in_kev":false,"epss_prob":0.00038,"epss_percentile":0.11144,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-48374","severity":"medium","summary":"zot logs secrets","affected_versions":"<1.4.4-0.20250522160828-8a99a3ed231f","fixed_version":"1.4.4-0.20250522160828-8a99a3ed231f","source":"osv","published_at":"2025-05-22T20:33:39Z","in_kev":false,"epss_prob":0.00128,"epss_percentile":0.31713,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-23208","severity":"high","summary":"Zot IdP group membership revocation 
ignored","affected_versions":"<2.1.2","fixed_version":"2.1.2","source":"osv","published_at":"2025-01-17T22:02:26Z","in_kev":false,"epss_prob":0.00107,"epss_percentile":0.28524,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-39897","severity":"unknown","summary":"Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2024-07-10T17:05:50Z","in_kev":false,"epss_prob":0.00361,"epss_percentile":0.5822,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-23208","severity":"unknown","summary":"Zot IdP group membership revocation ignored in zotregistry.dev/zot","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2025-01-28T15:01:21Z","in_kev":false,"epss_prob":0.00107,"epss_percentile":0.28524,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-48374","severity":"unknown","summary":"zot logs secrets in zotregistry.dev/zot","affected_versions":"<1.4.4-0.20250522160828-8a99a3ed231f","fixed_version":"1.4.4-0.20250522160828-8a99a3ed231f","source":"osv","published_at":"2025-05-27T20:47:04Z","in_kev":false,"epss_prob":0.00128,"epss_percentile":0.31713,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31801","severity":"unknown","summary":"zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in 
zotregistry.dev/zot","affected_versions":"<2.1.15","fixed_version":"2.1.15","source":"osv","published_at":"2026-03-12T20:57:37Z","in_kev":false,"epss_prob":0.00038,"epss_percentile":0.11144,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.4.3","total_count":82,"recent":["v1.2.2","v1.4.1-rc6","v1.4.2-rc1","v1.1.9","v1.1.8","v0.2.9","v1.3.8-rc3","v1.3.5","v1.4.2-rc5","v1.1.13","v1.4.0-rc4","v1.3.8","v1.4.1-rc2","v1.1.14","v1.0.1","v1.1.0","v1.1.7","v0.2.7","v1.3.7","v0.3.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2022-11-30T07:35:06Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (26/100)","2 high severity vulnerabilities"],"use_version":"v1.4.3","version_hint":"Update to >= 2.1.15 to fix known vulnerabilities","summary":"zotregistry.dev/zot@v1.4.3 has vulnerabilities — update to >= 2.1.15; the v1.4.3 listed as latest in this record is not a fixed version"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":21,"first_release_age_days":null,"last_release_days_ago":1248,"avg_days_between_releases":null,"release_velocity":"stale"}}