Known Vulnerabilities for products from Dokku
Listed below are 5 of the newest known vulnerabilities associated with the vendor "Dokku".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54636 json | Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-45408 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metachara... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-45407 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, ... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-45406 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includ... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-45405 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip ar... | Not Provided | 2026-06-26 | 2026-06-26 |