Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-44005	CRITICAL	10	Wolfi	step-certificates	No	Yes	Dec 03, 2025
CVE-2025-66506	HIGH	7.5	Podman	buildah	No	Yes	Dec 04, 2025
CVE-2025-65637	HIGH	7.5	cAdvisor	docker-credential-gcr	No	Yes	Dec 04, 2025
CVE-2025-61727	MEDIUM	6.5	cAdvisor	prometheus-redis-exporter-fips	No	Yes	Dec 03, 2025
CVE-2025-66406	MEDIUM	5	Wolfi	caddy	No	Yes	Dec 03, 2025

CVE-2021-37794:
Wolfi vulnerability analysis and mitigation

5.4

Related Wolfi vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2021-37794: Wolfi vulnerability analysis and mitigation