Sylabs Singularity Image Format
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sylabs Singularity Image Format.
By the Year
In 2026 there have been 0 vulnerabilities in Sylabs Singularity Image Format. Singularity Image Format did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 9.80 |
| 2021 | 1 | 7.50 |
It may take a day or so for new Singularity Image Format vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sylabs Singularity Image Format Security Vulnerabilities
Insecure Hash Algorithm in syslabs/sif SIF ref impl (pre-2.8.1)
CVE-2022-39237
9.8 - Critical
- October 06, 2022
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.
Use of a Broken or Risky Cryptographic Algorithm
SIF is an open source implementation of the Singularity Container Image Format
CVE-2021-29499
7.5 - High
- May 07, 2021
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the `ID` field is generated using a version of `github.com/satori/go.uuid` that is not vulnerable to this issue.
Use of Insufficiently Random Values
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sylabs Singularity Image Format or by Sylabs? Click the Watch button to subscribe.
