Security

Report a vulnerability

SECURITY.md

Security Policy

Please follow the security policy to report a security vulnerability or concern.

Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation
GHSA-xm96-gfjx-jcrc published May 13, 2026 by jonesbusy

High

Learn more about advisories related to oras-project/oras-java in the GitHub Advisory Database