VulnerableCode Package Details - pkg:golang/github.com/containers/podman/v5@5.5.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:golang/github.com/containers/podman/v5@5.5.2

purl	pkg:golang/github.com/containers/podman/v5@5.5.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-tuub-p4f4-nqer	Podman Improper Certificate Validation; machine missing TLS verification ### Impact The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry (which it does by default since 5.0.0) allowing a possible Man In The Middle attack. ### Patches https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 Fixed in v5.5.2 ### Workarounds Download the disk image manually via some other tool that verifies the TLS connection. Then pass the local image as file path (podman machine init --image ./somepath)	CVE-2025-6032 GHSA-65gg-3w2w-hr4h

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:56:51.324454+00:00	GithubOSV Importer	Fixing	VCID-tuub-p4f4-nqer	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-65gg-3w2w-hr4h/GHSA-65gg-3w2w-hr4h.json	38.0.0