[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-23653":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":24,"downstream":25,"duplicates":60,"related":61,"reserved_at":9,"published_at":106,"modified_at":107,"state":108,"summary":109,"references_raw":118,"kevs":158,"epss":159,"epss_history":162,"metrics":418,"affected":427},"CVE-2024-23653","BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.","weakness","Incomplete","Class","High",[],[],[22,23],"GHSA-wr6v-9f75-vh2g","GO-2024-2497",[],[26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58],{"_key":27},"UBUNTU-CVE-2024-23653",{"_key":29},"SUSE-SU-2024:0586-2",{"_key":31},"SUSE-SU-2024:0587-1",{"_key":33},"SUSE-SU-2024:1469-1",{"_key":35},"SUSE-SU-2025:03540-1",{"_key":37},"SUSE-SU-2025:1102-1",{"_key":39},"SUSE-RU-2024:4391-1",{"_key":41},"SUSE-SU-2024:0586-1",{"_key":43},"SUSE-SU-2024:3120-1",{"_key":45},"SUSE-SU-2025:0226-1",{"_key":47},"OPENSUSE-SU-2024:13688-1",{"_key":49},"OPENSUSE-SU-2024:13689-1",{"_key":51},"OPENSUSE-SU-2024:14059-1",{"_key":53},"OPENSUSE-SU-2024:14571-1",{"_key":55},"SUSE-SU-2025:20056-1",{"_key":57},"SUSE-SU-2025:20107-1",{"_key":59},"SUSE-SU-2025:03545-1",[],[62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,80,82,84,86,88,90,92,94,96,98,100,102,104],{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":79},"CGA-344H-5273-2QM3",{"_key":81},"CGA-3RX2-XC4V-W65P",{"_key":83},"CGA-5FX8-MRWP-MM4W",{"_key":85},"CGA-77RR-PW42-JR4H",{"_key":87},"CGA-9XCH-C66W-8P9W",{"_key":89},"CGA-C58J-F664-3RRR",{"_key":91},"CGA-C5VW-FJ32-5XV5",{"_key":93},"CGA-JG5C-JJ8Q-4J3C",{"_key":95},"CGA-JH96-52RX-R7GM",{"_key":97},"CGA-MP5R-39JJ-5VVR",{"_key":99},"CGA-QQGF-6WQM-GC4V",{"_key":101},"CGA-RJ7W-F98X-2F7X",{"_key":103},"CGA-V57Q-MVJQ-RMJP",{"_key":105},"CGA-C52M-5J7Q-7JXP","2024-01-31T22:03:56.667Z","2024-08-23T18:16:30.503Z","Modified",{"cisa_kev":110,"cisa_ransomware":110,"cisa_vendor":9,"epss_severity":111,"epss_score":112,"severity":113,"severity_score":114,"severity_version":115,"severity_source":116,"severity_vector":117,"severity_status":108},false,"medium",0.10301,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[119,128,135,140,145,149,153],{"url":120,"sources":121,"tags":124},"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g",[116,122,123],"nvd","osv_go",[125,126,127],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":129,"sources":130,"tags":131},"https://github.com/moby/buildkit/pull/4602",[116,122,123],[132,133,126,127,134],"X Refsource MISC","Patch","FIX",{"url":136,"sources":137,"tags":138},"https://github.com/moby/buildkit/releases/tag/v0.12.5",[116,122,123],[132,133,139,127],"Release Notes",{"url":141,"sources":142,"tags":143},"https://nvd.nist.gov/vuln/detail/CVE-2024-23653",[123],[144],"Advisory",{"url":146,"sources":147,"tags":148},"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e",[123],[127,134],{"url":150,"sources":151,"tags":152},"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e",[123],[127,134],{"url":154,"sources":155,"tags":156},"https://github.com/moby/buildkit",[123],[157],"PACKAGE",[],{"date":160,"score":112,"percentile":161},"2026-06-04",0.93312,[163,167,170,173,176,178,180,183,186,189,192,195,198,201,204,208,211,214,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,268,271,274,277,280,283,286,288,291,294,297,300,303,306,308,310,313,316,319,322,325,328,330,333,336,339,342,345,348,350,353,356,359,362,365,367,369,372,374,377,380,383,385,387,390,393,395,398,401,404,407,410,412,414,416],{"date":164,"score":165,"percentile":166},"2025-11-04",0.08854,0.9217,{"date":168,"score":165,"percentile":169},"2025-11-05",0.92171,{"date":171,"score":165,"percentile":172},"2025-11-06",0.92173,{"date":174,"score":165,"percentile":175},"2025-11-07",0.92176,{"date":177,"score":165,"percentile":172},"2025-11-08",{"date":179,"score":165,"percentile":169},"2025-11-09",{"date":181,"score":165,"percentile":182},"2025-11-10",0.92172,{"date":184,"score":165,"percentile":185},"2025-11-11",0.92178,{"date":187,"score":165,"percentile":188},"2025-11-12",0.92184,{"date":190,"score":165,"percentile":191},"2025-11-13",0.92186,{"date":193,"score":165,"percentile":194},"2025-11-14",0.92188,{"date":196,"score":165,"percentile":197},"2025-11-15",0.92185,{"date":199,"score":165,"percentile":200},"2025-11-16",0.92192,{"date":202,"score":165,"percentile":203},"2025-11-17",0.92191,{"date":205,"score":206,"percentile":207},"2025-11-18",0.04341,0.8782,{"date":209,"score":206,"percentile":210},"2025-11-19",0.87824,{"date":212,"score":206,"percentile":213},"2025-11-20",0.87829,{"date":215,"score":216,"percentile":217},"2025-11-21",0.09073,0.9231,{"date":219,"score":216,"percentile":220},"2025-11-22",0.92308,{"date":222,"score":216,"percentile":223},"2025-11-23",0.92314,{"date":225,"score":216,"percentile":226},"2025-11-24",0.92315,{"date":228,"score":216,"percentile":229},"2025-11-25",0.92317,{"date":231,"score":216,"percentile":232},"2025-11-26",0.92316,{"date":234,"score":216,"percentile":235},"2025-11-27",0.92312,{"date":237,"score":216,"percentile":238},"2025-11-28",0.92304,{"date":240,"score":216,"percentile":241},"2025-11-29",0.92321,{"date":243,"score":216,"percentile":244},"2025-11-30",0.92318,{"date":246,"score":216,"percentile":247},"2025-12-01",0.92364,{"date":249,"score":216,"percentile":250},"2025-12-02",0.92368,{"date":252,"score":165,"percentile":253},"2025-12-03",0.92266,{"date":255,"score":165,"percentile":256},"2025-12-04",0.92223,{"date":258,"score":165,"percentile":259},"2025-12-05",0.92226,{"date":261,"score":165,"percentile":262},"2025-12-06",0.9223,{"date":264,"score":165,"percentile":265},"2025-12-07",0.92229,{"date":267,"score":165,"percentile":262},"2025-12-08",{"date":269,"score":165,"percentile":270},"2025-12-09",0.92233,{"date":272,"score":165,"percentile":273},"2025-12-10",0.92241,{"date":275,"score":165,"percentile":276},"2025-12-11",0.92243,{"date":278,"score":165,"percentile":279},"2025-12-12",0.92248,{"date":281,"score":165,"percentile":282},"2025-12-13",0.9224,{"date":284,"score":165,"percentile":285},"2025-12-14",0.92237,{"date":287,"score":165,"percentile":282},"2025-12-15",{"date":289,"score":165,"percentile":290},"2025-12-16",0.92247,{"date":292,"score":165,"percentile":293},"2025-12-17",0.92252,{"date":295,"score":165,"percentile":296},"2025-12-18",0.92256,{"date":298,"score":165,"percentile":299},"2025-12-19",0.92259,{"date":301,"score":165,"percentile":302},"2025-12-20",0.9226,{"date":304,"score":165,"percentile":305},"2025-12-21",0.92261,{"date":307,"score":165,"percentile":299},"2025-12-22",{"date":309,"score":165,"percentile":305},"2025-12-23",{"date":311,"score":165,"percentile":312},"2025-12-24",0.92265,{"date":314,"score":165,"percentile":315},"2025-12-25",0.9227,{"date":317,"score":165,"percentile":318},"2025-12-26",0.92271,{"date":320,"score":165,"percentile":321},"2025-12-27",0.92299,{"date":323,"score":165,"percentile":324},"2025-12-28",0.92268,{"date":326,"score":165,"percentile":327},"2025-12-29",0.92264,{"date":329,"score":165,"percentile":324},"2025-12-30",{"date":331,"score":165,"percentile":332},"2025-12-31",0.92275,{"date":334,"score":165,"percentile":335},"2026-01-01",0.92331,{"date":337,"score":165,"percentile":338},"2026-01-02",0.92328,{"date":340,"score":165,"percentile":341},"2026-01-03",0.92326,{"date":343,"score":165,"percentile":344},"2026-01-04",0.92282,{"date":346,"score":165,"percentile":347},"2026-01-05",0.9228,{"date":349,"score":165,"percentile":344},"2026-01-06",{"date":351,"score":165,"percentile":352},"2026-01-07",0.92283,{"date":354,"score":165,"percentile":355},"2026-01-08",0.92286,{"date":357,"score":165,"percentile":358},"2026-01-09",0.92289,{"date":360,"score":165,"percentile":361},"2026-01-10",0.9229,{"date":363,"score":165,"percentile":364},"2026-01-11",0.92285,{"date":366,"score":165,"percentile":355},"2026-01-12",{"date":368,"score":165,"percentile":364},"2026-01-13",{"date":370,"score":165,"percentile":371},"2026-01-14",0.92296,{"date":373,"score":165,"percentile":371},"2026-01-15",{"date":375,"score":165,"percentile":376},"2026-01-16",0.92298,{"date":378,"score":165,"percentile":379},"2026-01-17",0.92301,{"date":381,"score":165,"percentile":382},"2026-01-18",0.92294,{"date":384,"score":165,"percentile":371},"2026-01-19",{"date":386,"score":165,"percentile":321},"2026-01-20",{"date":388,"score":165,"percentile":389},"2026-01-21",0.92303,{"date":391,"score":165,"percentile":392},"2026-01-22",0.92306,{"date":394,"score":165,"percentile":223},"2026-01-23",{"date":396,"score":165,"percentile":397},"2026-01-24",0.9232,{"date":399,"score":165,"percentile":400},"2026-01-25",0.92323,{"date":402,"score":165,"percentile":403},"2026-01-26",0.92325,{"date":405,"score":165,"percentile":406},"2026-01-27",0.92327,{"date":408,"score":165,"percentile":409},"2026-01-28",0.92329,{"date":411,"score":165,"percentile":409},"2026-01-29",{"date":413,"score":165,"percentile":338},"2026-01-30",{"date":415,"score":165,"percentile":338},"2026-01-31",{"date":417,"score":165,"percentile":250},"2026-02-01",[419,423,425],{"source":116,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":114,"baseSeverity":421,"vectorString":117,"impactScore":114,"exploitabilityScore":422},"CRITICAL",10,{"source":122,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":424,"cvss_v4_0":9},{"baseScore":114,"baseSeverity":421,"vectorString":117,"impactScore":114,"exploitabilityScore":422},{"source":123,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":426,"cvss_v4_0":9},{"baseScore":114,"baseSeverity":9,"vectorString":117,"impactScore":114,"exploitabilityScore":422},[428,441,447],{"ecosystem":429,"name":430,"vendor":431,"product":432,"cpe_part":9,"purl_type":433,"purl_namespace":431,"purl_name":432,"source":9,"versions":434},"Go","github.com/moby/buildkit","github.com/moby","buildkit","golang",[435],{"version":436,"is_range":437,"range_type":438,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt0_12_5",true,"semver","0.12.5","excluding",{"ecosystem":9,"name":432,"vendor":442,"product":432,"cpe_part":443,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":444},"moby","a",[445],{"version":446,"is_range":437,"range_type":116,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"\u003C 0.12.5",{"ecosystem":9,"name":432,"vendor":448,"product":432,"cpe_part":443,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"mobyproject",[450],{"version":451,"is_range":437,"range_type":452,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt0.12.5","cpe"]