VYPR

Compose

by Docker

Source repositories

CVEs (2)

  • CVE-2025-62725HigOct 27, 2025
    risk 0.52cvss epss 0.14

    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile…

  • CVE-2025-15558Mar 4, 2026
    risk 0.00cvss epss 0.00

    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that…