Alpine Linux - 9 CVEs (Page 1/1)

About “Alpine Linux”

A curated feed of “Alpine Linux”-related CVEs appears below. We currently track 9 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.7 (all time), and 67% are rated High/Critical (all time). Top CWEs (all time): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-909 - Missing Initialization of Resource, CWE-312 - Cleartext Storage of Sensitive Information.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: alpine-linux

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
3.23	2025-12-04	3.23.4	2027-11-01
3.22	2025-05-30	3.22.4	2027-05-01
3.21	2024-12-05	3.21.7	2026-11-01 Soon
3.20	2024-05-22	3.20.10	2026-04-01 Expired
3.19	2023-12-07	3.19.9	2025-11-01 Expired
3.18	2023-05-09	3.18.12	2025-05-09 Expired
3.17	2022-11-22	3.17.10	2024-11-22 Expired
3.16	2022-05-23	3.16.9	2024-05-23 Expired
3.15	2021-11-24	3.15.11	2023-11-01 Expired
3.14	2021-06-15	3.14.10	2023-05-01 Expired
3.13	2021-01-14	3.13.12	2022-11-01 Expired
3.12	2020-05-29	3.12.12	2022-05-01 Expired
3.11	2019-12-19	3.11.13	2021-11-01 Expired
3.10	2019-06-19	3.10.9	2021-05-01 Expired
3.9	2019-01-29	3.9.6	2020-11-01 Expired
3.8	2018-06-26	3.8.5	2020-05-01 Expired
3.7	2017-11-30	3.7.3	2019-11-01 Expired
3.6	2017-05-24	3.6.5	2019-05-01 Expired
3.5	2016-12-22	3.5.3	2018-11-01 Expired
3.4	2016-05-31	3.4.6	2018-05-01 Expired
3.3	2015-12-19	3.3.3	2017-11-01 Expired
3.2	2015-05-26	3.2.3	2017-05-01 Expired
3.1	2014-12-10	3.1.4	2016-11-01 Expired
3.0	2014-06-04	3.0.6	2016-05-01 Expired
2.7	2011-01-06	2.7.9	2015-11-01 Expired
2.6	2010-12-15	2.6.8	2015-05-01 Expired
2.5	2010-08-12	2.5.4	2014-11-01 Expired
2.4	2010-07-07	2.4.11	2014-05-01 Expired
2.3	2010-05-19	2.3.6	2013-11-01 Expired
2.2	2010-05-04	2.2.5	2013-05-01 Expired
2.1	2009-12-30	2.1.6	2012-11-01 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Alpine Linux” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2022-01-06

Critical

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the c…

CVSS: 9.8 CWE: CWE-909 - Missing Initialization of Resource View on NVD

2021-07-05

Medium

CVE-2021-36158

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

CVSS: 5.9 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD

2021-04-21

High

CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

2021-03-24

Medium

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.

CVSS: 5.5 CWE: N/A View on NVD

2019-06-18

Medium

CVE-2019-12875

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD

2019-05-08

Critical

CVE-2019-5021

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 201…

CVSS: 9.8 CWE: CWE-258 - Empty Password in Configuration File View on NVD

2018-12-20

High

CVE-2018-1000849

Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This att…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD

2017-07-17

High

CVE-2017-9671

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax h…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

High

CVE-2017-9669

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD