Is zotregistry.dev/zot safe to use?

zotregistry.dev/zot has 8 known vulnerabilities on the latest version (v1.4.3). DepScope rates its health at 26/100 (critical risk).

What is the latest version of zotregistry.dev/zot?

The latest version of zotregistry.dev/zot is v1.4.3, released 2022-11-30.

Yes. zotregistry.dev/zot has 8 known vulnerabilities. See depscope.dev/pkg/go/zotregistry.dev/zot for details.

No, zotregistry.dev/zot is actively maintained. Latest release: v1.4.3 (2022-11-30).

DepScope has no curated alternatives for zotregistry.dev/zot at this time.

License information for zotregistry.dev/zot is not declared in the registry metadata.

govv1.4.3

82 versions0 deps

/ 100

Health

update required

zotregistry.dev/[email protected] has vulnerabilities — update to latest

Update to >= 2.1.15 to fix known vulnerabilities

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

11/25

security

15/15

maturity

0/15

community

Vulnerabilities

2 high2 medium

Advisories (8)

Severity	ID	Summary	Fixed in
medium	CVE-2024-39897	Cache driver GetBlob() allows read access to any blob without access control check	2.1.0
high	CVE-2026-31801	zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required)	2.1.15
medium	CVE-2025-48374	zot logs secrets	1.4.4-0.20250522160828-8a99a3ed231f

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/zotregistry.dev/zot

Last updated · 2022-11-30T07:35:06Z