Skip to content

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)

Trivy Image Scan

  • Image: docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)
  • Scan date: 2025-12-14

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04) (ubuntu)

Package Vulnerability ID Severity Installed Version Fixed Version Links
binutils CVE-2025-11412 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/attachment.cgi?id=16378 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327348 https://vuldb.com/?id.327348 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://www.gnu.org/
binutils CVE-2025-11413 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/attachment.cgi?id=16362 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327349 https://vuldb.com/?id.327349 https://vuldb.com/?submit.665587 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://www.gnu.org/
binutils CVE-2025-11414 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/attachment.cgi?id=16361 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327350 https://vuldb.com/?id.327350 https://vuldb.com/?submit.665591 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://www.gnu.org/
binutils CVE-2025-11494 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://www.gnu.org/
binutils CVE-2025-1180 MEDIUM 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils CVE-2017-13716 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils CVE-2019-1010204 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils CVE-2022-27943 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils CVE-2022-48064 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils CVE-2025-1152 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
binutils-common CVE-2025-11412 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/attachment.cgi?id=16378 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327348 https://vuldb.com/?id.327348 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://www.gnu.org/
binutils-common CVE-2025-11413 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/attachment.cgi?id=16362 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327349 https://vuldb.com/?id.327349 https://vuldb.com/?submit.665587 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://www.gnu.org/
binutils-common CVE-2025-11414 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/attachment.cgi?id=16361 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327350 https://vuldb.com/?id.327350 https://vuldb.com/?submit.665591 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://www.gnu.org/
binutils-common CVE-2025-11494 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://www.gnu.org/
binutils-common CVE-2025-1180 MEDIUM 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils-common CVE-2017-13716 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-common CVE-2019-1010204 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-common CVE-2022-27943 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-common CVE-2022-48064 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-common CVE-2025-1152 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-11412 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/attachment.cgi?id=16378 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327348 https://vuldb.com/?id.327348 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-11413 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/attachment.cgi?id=16362 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327349 https://vuldb.com/?id.327349 https://vuldb.com/?submit.665587 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-11414 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/attachment.cgi?id=16361 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327350 https://vuldb.com/?id.327350 https://vuldb.com/?submit.665591 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-11494 MEDIUM 2.38-4ubuntu2.11 2.38-4ubuntu2.12 https://access.redhat.com/security/cve/CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://ubuntu.com/security/notices/USN-7919-1 https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-1180 MEDIUM 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2017-13716 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-x86-64-linux-gnu CVE-2019-1010204 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-x86-64-linux-gnu CVE-2022-27943 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-x86-64-linux-gnu CVE-2022-48064 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-x86-64-linux-gnu CVE-2025-1152 LOW 2.38-4ubuntu2.11 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
coreutils CVE-2016-2781 LOW 8.32-4.1ubuntu1.2 no fix available http://seclists.org/oss-sec/2016/q1/452 http://www.openwall.com/lists/oss-security/2016/02/28/2 http://www.openwall.com/lists/oss-security/2016/02/28/3 https://access.redhat.com/security/cve/CVE-2016-2781 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lore.kernel.org/patchwork/patch/793178/ https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes https://nvd.nist.gov/vuln/detail/CVE-2016-2781 https://www.cve.org/CVERecord?id=CVE-2016-2781
cpp-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
cpp-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
cpp-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
curl CVE-2025-0167 LOW 7.81.0-1ubuntu1.21 no fix available https://curl.se/docs/CVE-2025-0167.html https://curl.se/docs/CVE-2025-0167.json https://hackerone.com/reports/2917232 https://nvd.nist.gov/vuln/detail/CVE-2025-0167 https://security.netapp.com/advisory/ntap-20250306-0008/ https://www.cve.org/CVERecord?id=CVE-2025-0167
curl CVE-2025-9086 LOW 7.81.0-1ubuntu1.21 no fix available http://www.openwall.com/lists/oss-security/2025/09/10/1 https://access.redhat.com/security/cve/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://www.cve.org/CVERecord?id=CVE-2025-9086
g++-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
g++-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
g++-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11-base CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11-base CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11-base CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-12-base CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
git CVE-2024-52005 MEDIUM 1:2.34.1-1ubuntu1.15 no fix available https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:7482 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
git-man CVE-2024-52005 MEDIUM 1:2.34.1-1ubuntu1.15 no fix available https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:7482 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
gpgv CVE-2022-3219 LOW 2.2.27-3ubuntu2.4 no fix available https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/D556 https://dev.gnupg.org/T5993 https://marc.info/?l=oss-security&m=165696590211434&w=4 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://security.netapp.com/advisory/ntap-20230324-0001/ https://www.cve.org/CVERecord?id=CVE-2022-3219
libasan6 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.2 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
1489 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.8.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.8.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.16.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.16.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/6.1.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/6.1.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.5.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.5.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundle-install/0.8.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.7 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2024-40635 MEDIUM v1.7.25 1.7.27, 1.6.38 https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.11 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-22869 HIGH v0.31.0 0.35.0 https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://bugzilla.redhat.com/show_bug.cgi?id=2348367 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869 https://errata.almalinux.org/9/ALSA-2025-3833.html https://errata.rockylinux.org/RLSA-2025:7484 https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.31.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.31.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.4 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2362345 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3931 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7592 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7466 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.4 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.4 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.4 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundler/0.8.48/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.9 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.27 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.27 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.36.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.36.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-22874 HIGH v1.24.3 1.24.4 https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib CVE-2025-47907 HIGH v1.24.3 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.3 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-0913 MEDIUM v1.24.3 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-4673 MEDIUM v1.24.3 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.24.3 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.4/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.4/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.5/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.5/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.11.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.11.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_clojure-tools/2.16.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_conda-env-update/0.8.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/nwaples/rardecode/v2 CVE-2025-11579 MEDIUM v2.1.1 2.2.0 https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.14 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.41.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.41.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.4/bin/env (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/6.3.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/6.3.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dist-zip/5.11.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-aspnet-runtime/1.6.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-sdk/1.6.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.2.4/bin/port-chooser (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.2.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-publish/1.2.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.10.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.10.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.10.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.3/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.4/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_executable-jar/6.14.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_git/1.1.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-build/2.4.7/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-dist/2.9.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-mod-vendor/1.1.9/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/10.1.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/10.1.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_gradle/8.1.3/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_httpd/1.0.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_icu/0.9.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.10.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.10.3/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.11.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_jattach/1.11.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.9.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.9.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_leiningen/4.14.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.2.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.2.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_maven/6.21.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_miniconda/0.11.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/nwaples/rardecode/v2 CVE-2025-11579 MEDIUM v2.1.0 2.2.0 https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.11.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_mri/0.19.0/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_native-image/5.17.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/1.0.6/bin/configure (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/1.0.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.10.0/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.10.0/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.10.0/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.2/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.2/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.3/bin/inspector (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.3/bin/optimize-memory (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.12.3/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.3.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.3.13/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-start/2.5.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.2.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.2.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-start/2.3.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_passenger/0.14.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.9 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2024-40635 MEDIUM v1.7.25 1.7.27, 1.6.38 https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0 https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0 https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-22869 HIGH v0.31.0 0.35.0 https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://bugzilla.redhat.com/show_bug.cgi?id=2348367 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869 https://errata.almalinux.org/9/ALSA-2025-3833.html https://errata.rockylinux.org/RLSA-2025:7484 https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.31.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.31.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
golang.org/x/net CVE-2025-22870 MEDIUM v0.26.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.26.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc GHSA-xr7q-jx4m-x55m LOW v1.64.0 1.64.1 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib CVE-2025-47907 HIGH v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.4 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2362345 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3931 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7592 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7466 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.4 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.4 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.4 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip-install/0.7.9/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip/0.24.8/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv-install/0.7.7/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv/1.23.9/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-install/0.6.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-run/0.5.8/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry/0.14.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.3/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.4/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.12.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_puma/0.4.60/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_python-start/0.15.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.14 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rackup/0.4.52/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.26.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.26.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.1 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2362345 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3931 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7592 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7466 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.1 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.1 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.1 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.1 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rails-assets/0.10.25/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.28.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.28.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.1 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2362345 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3931 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7592 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:7466 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.1 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.1 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.1 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.1 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rake/0.4.61/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.28.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.28.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_sbt/6.20.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_source-removal/1.0.4/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.34.0/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.34.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_syft/2.26.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_thin/0.5.56/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_unicorn/0.4.59/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:7466 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9317 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:16432 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_upx/3.9.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_vsdbg/0.6.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.5.5/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.24.9 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.24.9 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.6.0/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.6.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.6.13/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found
No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.6.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-58183 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.7 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.7 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.7 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.7 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-start/2.4.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.2.12/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.2.13/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.4 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.2.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.28 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/opencontainers/selinux CVE-2025-52881 HIGH v1.12.0 1.13.0 http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-52881 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2404715 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:22012 https://github.com/opencontainers/runc https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557 https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58 https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6 https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544 https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28 https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165 https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64 https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51 https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480 https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r https://github.com/opencontainers/selinux/pull/237 https://github.com/opencontainers/selinux/releases/tag/v1.13.0 https://linux.oracle.com/cve/CVE-2025-52881.html https://linux.oracle.com/errata/ELSA-2025-22012.html https://nvd.nist.gov/vuln/detail/CVE-2025-52881 https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs https://ubuntu.com/security/notices/USN-7851-1 https://www.cve.org/CVERecord?id=CVE-2025-52881 https://youtu.be/tGseJW_uBB8 https://youtu.be/y1PaBzxwRWQ
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.43.0 0.45.0 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2025:22011 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2404715 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2025-22011.html https://errata.rockylinux.org/RLSA-2025:23088 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2025-23088.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-58186 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012
stdlib CVE-2025-58187 HIGH v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/launcher (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/launcher.sbom.cdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH 1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM 1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/launcher.sbom.spdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH 1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM 1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/lifecycle (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH v1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM v1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.cdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH 1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM 1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.spdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-61729 HIGH 1.25.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61729 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2025-61727 MEDIUM 1.25.3 1.24.11, 1.25.5 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175
No Misconfigurations found