Skip to content

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)

Trivy Image Scan

  • Image: docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)
  • Scan date: 2026-04-01

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04) (ubuntu)

Package Vulnerability ID Severity Installed Version Fixed Version Links
binutils CVE-2025-1180 MEDIUM 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils CVE-2017-13716 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils CVE-2019-1010204 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils CVE-2022-27943 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils CVE-2022-48064 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils CVE-2025-1152 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
binutils-common CVE-2025-1180 MEDIUM 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils-common CVE-2017-13716 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-common CVE-2019-1010204 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-common CVE-2022-27943 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-common CVE-2022-48064 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-common CVE-2025-1152 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2025-1180 MEDIUM 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
binutils-x86-64-linux-gnu CVE-2017-13716 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-x86-64-linux-gnu CVE-2019-1010204 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-x86-64-linux-gnu CVE-2022-27943 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-x86-64-linux-gnu CVE-2022-48064 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-x86-64-linux-gnu CVE-2025-1152 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
cpp-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
cpp-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
cpp-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
g++-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
g++-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
g++-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11-base CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11-base CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11-base CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-12-base CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
git CVE-2024-52005 MEDIUM 1:2.34.1-1ubuntu1.17 no fix available https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:7409 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
git-man CVE-2024-52005 MEDIUM 1:2.34.1-1ubuntu1.17 no fix available https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:7409 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
gpgv CVE-2025-68972 MEDIUM 2.2.27-3ubuntu2.5 no fix available https://access.redhat.com/security/cve/CVE-2025-68972 https://gpg.fail/formfeed https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i https://news.ycombinator.com/item?id=46404339 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://www.cve.org/CVERecord?id=CVE-2025-68972
gpgv CVE-2022-3219 LOW 2.2.27-3ubuntu2.5 no fix available https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/D556 https://dev.gnupg.org/T5993 https://marc.info/?l=oss-security&m=165696590211434&w=4 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://security.netapp.com/advisory/ntap-20230324-0001/ https://www.cve.org/CVERecord?id=CVE-2022-3219
libasan6 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
libasan6 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
libasan6 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libatomic1 CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libbinutils CVE-2025-1180 MEDIUM 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
libbinutils CVE-2017-13716 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
libbinutils CVE-2019-1010204 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
libbinutils CVE-2022-27943 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libbinutils CVE-2022-48064 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
libbinutils CVE-2025-1152 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://www.gnu.org/
libcc1-0 CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04.3 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libctf-nobfd0 CVE-2025-1180 MEDIUM 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2025-1180 https://nvd.nist.gov/vuln/detail/CVE-2025-1180 https://sourceware.org/bugzilla/attachment.cgi?id=15917 https://sourceware.org/bugzilla/show_bug.cgi?id=32642 https://vuldb.com/?ctiid.295083 https://vuldb.com/?id.295083 https://vuldb.com/?submit.495381 https://www.cve.org/CVERecord?id=CVE-2025-1180 https://www.gnu.org/
libctf-nobfd0 CVE-2017-13716 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
libctf-nobfd0 CVE-2019-1010204 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
libctf-nobfd0 CVE-2022-27943 LOW 2.38-4ubuntu2.12 no fix available https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
1619 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.9.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.9.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.17.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.17.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/6.2.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/6.2.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.6.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.6.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundle-install/0.8.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/anchore/syft CVE-2026-33481 MEDIUM v0.80.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.7 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/cloudflare/circl CVE-2026-1229 LOW v1.3.7 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2024-40635 MEDIUM v1.7.25 1.7.27, 1.6.38 https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/cli CVE-2025-15558 HIGH v25.0.3+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2026-34040 HIGH v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 25.0.13, 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.13.0 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.13.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.13.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.11 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-22869 HIGH v0.31.0 0.35.0 https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://bugzilla.redhat.com/show_bug.cgi?id=2348367 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869 https://errata.almalinux.org/9/ALSA-2025-3833.html https://errata.rockylinux.org/RLSA-2025:7416 https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.31.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-47914 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135 https://www.cve.org/CVERecord?id=CVE-2025-47914
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.31.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-58181 https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c https://github.com/golang/go/issues/76363 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1 https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134 https://ubuntu.com/security/notices/USN-7956-1 https://www.cve.org/CVERecord?id=CVE-2025-58181
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.62.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.23.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.4 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.4 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.4 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.4 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/issues/70530 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.4 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.4 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.4 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.4 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.4 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.4 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
3 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundler/0.8.48/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/anchore/syft CVE-2026-33481 MEDIUM v0.80.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.9 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/cloudflare/circl CVE-2026-1229 LOW v1.3.9 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.27 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.27 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/cli CVE-2025-15558 HIGH v27.0.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2026-34040 HIGH v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 25.0.13, 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.13.0 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.13.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.13.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.36.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-47914 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135 https://www.cve.org/CVERecord?id=CVE-2025-47914
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.36.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-58181 https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c https://github.com/golang/go/issues/76363 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1 https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134 https://ubuntu.com/security/notices/USN-7956-1 https://www.cve.org/CVERecord?id=CVE-2025-58181
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.64.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.24.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-22874 HIGH v1.24.3 1.24.4 https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib CVE-2025-47907 HIGH v1.24.3 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.24.3 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.24.3 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.24.3 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.24.3 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-0913 MEDIUM v1.24.3 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-4673 MEDIUM v1.24.3 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.24.3 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.24.3 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.3 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.3 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.24.3 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.24.3 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.24.3 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.11.1/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.11.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.12.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.12.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.12.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.12.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_clojure-tools/2.17.4/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_conda-env-update/0.8.15/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.16/bin/env (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.16/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.17/bin/env (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.18.17/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/6.8.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/6.8.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dist-zip/5.12.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-aspnet-runtime/1.6.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-sdk/1.6.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.2.15/bin/port-chooser (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.2.15/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-publish/1.2.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.11.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.11.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.10.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.11.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.11.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_executable-jar/6.15.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_git/1.1.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.24.6 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.24.6 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.24.6 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-build/2.4.13/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.37.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/cli CVE-2025-15558 HIGH v29.1.5+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.38.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.76.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.24.6 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.24.6 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.24.6 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-dist/2.9.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.36.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/cli CVE-2025-15558 HIGH v29.1.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.16.3 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.3 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.3 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.38.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.76.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.25.7 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.7 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.7 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-mod-vendor/1.1.15/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.36.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.38.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.76.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.24.6 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.24.6 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.24.6 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/10.2.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/10.2.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_gradle/8.4.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_httpd/1.0.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.37.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/cli CVE-2025-15558 HIGH v29.0.0+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.16.3 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.3 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.3 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.38.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.74.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.25.5 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-61726 HIGH v1.25.5 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.25.5 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2026-25679 HIGH v1.25.5 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-61730 MEDIUM v1.25.5 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.25.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_icu/0.9.16/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.11.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.12.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.12.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_jattach/1.12.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.10.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.10.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_leiningen/4.15.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/6.1.2/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/6.1.2/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_maven/6.22.3/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_miniconda/0.11.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_mri/0.19.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.37.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.38.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.76.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2025-68121 CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-58183 HIGH v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.24.6 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.24.6 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-47912 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.24.6 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.24.6 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.24.6 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.24.6 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.24.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_native-image/5.18.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/1.0.17/bin/configure (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/1.0.17/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.37.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.76.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.5/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.5/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.38.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/cli CVE-2025-15558 HIGH v29.1.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.74.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.6/bin/inspector (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.6/bin/optimize-memory (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/8.0.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.38.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.5 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.74.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.3.26/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-start/2.6.8/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.3.9/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-start/2.4.9/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_passenger/0.14.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1 https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/anchore/syft CVE-2026-33481 MEDIUM v0.80.0 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2025-8556 LOW v1.3.9 1.6.1 https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://news.ycombinator.com/item?id=45669593 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/cloudflare/circl CVE-2026-1229 LOW v1.3.9 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/containerd/containerd CVE-2024-25621 HIGH v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2024-25621 https://github.com/containerd/containerd https://github.com/containerd/containerd/blob/main/docs/rootless.md https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w https://nvd.nist.gov/vuln/detail/CVE-2024-25621 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2024-25621
github.com/containerd/containerd CVE-2024-40635 MEDIUM v1.7.25 1.7.27, 1.6.38 https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/containerd/containerd CVE-2025-64329 MEDIUM v1.7.25 1.7.29 https://access.redhat.com/security/cve/CVE-2025-64329 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2 https://nvd.nist.gov/vuln/detail/CVE-2025-64329 https://ubuntu.com/security/notices/USN-7983-1 https://www.cve.org/CVERecord?id=CVE-2025-64329
github.com/docker/cli CVE-2025-15558 HIGH v27.0.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker CVE-2026-34040 HIGH v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v26.1.4+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/docker/docker CVE-2025-54410 LOW v26.1.4+incompatible 25.0.13, 28.0.0 https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0 https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0 https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.12.0 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.12.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.12.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
github.com/mholt/archiver/v3 CVE-2025-3445 HIGH v3.5.1 no fix available https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/nwaples/rardecode CVE-2025-11579 MEDIUM v1.1.3 no fix available https://access.redhat.com/security/cve/CVE-2025-11579 https://github.com/nwaples/rardecode https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 https://nvd.nist.gov/vuln/detail/CVE-2025-11579 https://pkg.go.dev/vuln/GO-2025-4020 https://www.cve.org/CVERecord?id=CVE-2025-11579
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto CVE-2025-22869 HIGH v0.31.0 0.35.0 https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://bugzilla.redhat.com/show_bug.cgi?id=2348367 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869 https://errata.almalinux.org/9/ALSA-2025-3833.html https://errata.rockylinux.org/RLSA-2025:7416 https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/crypto CVE-2025-47914 MEDIUM v0.31.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-47914 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://pkg.go.dev/vuln/GO-2025-4135 https://www.cve.org/CVERecord?id=CVE-2025-47914
golang.org/x/crypto CVE-2025-58181 MEDIUM v0.31.0 0.45.0 https://access.redhat.com/security/cve/CVE-2025-58181 https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c https://github.com/golang/go/issues/76363 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1 https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://pkg.go.dev/vuln/GO-2025-4134 https://ubuntu.com/security/notices/USN-7956-1 https://www.cve.org/CVERecord?id=CVE-2025-58181
golang.org/x/net CVE-2025-22870 MEDIUM v0.26.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.26.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.64.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
google.golang.org/grpc GHSA-xr7q-jx4m-x55m LOW v1.64.0 1.64.1 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib CVE-2025-68121 CRITICAL v1.23.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.4 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.4 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.4 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.4 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/issues/70530 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.4 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.4 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.4 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.4 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.4 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.4 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.4 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
6 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip-install/0.7.20/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip/0.26.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv-install/0.7.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv/1.24.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-install/0.6.24/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-run/0.5.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry/0.16.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.12.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.13.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.13.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_puma/0.4.60/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.5 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.5 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.5 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.5 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.5 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_python-start/0.15.16/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rackup/0.4.52/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.26.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.26.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.1 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.1 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/issues/70530 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.1 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.1 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.1 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.1 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.1 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.1 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rails-assets/0.10.25/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.28.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.28.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.1 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.1 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/issues/70530 https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2 https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.almalinux.org/8/ALSA-2025-3772.html https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4 https://github.com/golang/go/issues/71156 https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib CVE-2025-0913 MEDIUM v1.23.1 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.1 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.1 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.1 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.1 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.1 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.1 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.1 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.1 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.1 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rake/0.4.61/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.28.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.28.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.5 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.5 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.5 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.5 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.5 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_sbt/6.22.3/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_source-removal/1.0.17/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.36.1/bin/helper (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.36.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_syft/2.31.2/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_thin/0.5.56/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.5 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.5 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.5 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.5 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.5 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_unicorn/0.4.59/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/ulikunitz/xz CVE-2025-58058 MEDIUM v0.5.12 0.5.15 https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net CVE-2025-22870 MEDIUM v0.33.0 0.36.0 http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net CVE-2025-22872 MEDIUM v0.33.0 0.38.0 https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib CVE-2025-68121 CRITICAL v1.23.5 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2025-47907 HIGH v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:20909 https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/2387083 https://bugzilla.redhat.com/2393152 https://errata.almalinux.org/9/ALSA-2025-20909.html https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47907.html https://linux.oracle.com/errata/ELSA-2025-20983.html https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib CVE-2025-58183 HIGH v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/errata/RHSA-2026:1381 https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/2407258 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183 https://errata.almalinux.org/9/ALSA-2026-1381.html https://errata.rockylinux.org/RLSA-2025:23326 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://linux.oracle.com/cve/CVE-2025-58183.html https://linux.oracle.com/errata/ELSA-2026-50076.html https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://pkg.go.dev/vuln/GO-2025-4014 https://www.cve.org/CVERecord?id=CVE-2025-58183
stdlib CVE-2025-61726 HIGH v1.23.5 1.24.12, 1.25.6 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-61726 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61726.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61726 https://pkg.go.dev/vuln/GO-2026-4341 https://www.cve.org/CVERecord?id=CVE-2025-61726
stdlib CVE-2025-61728 HIGH v1.23.5 1.24.12, 1.25.6 http://www.openwall.com/lists/oss-security/2026/01/15/4 https://access.redhat.com/errata/RHSA-2026:3753 https://access.redhat.com/security/cve/CVE-2025-61728 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434431 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434431 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3753.html https://errata.rockylinux.org/RLSA-2026:3337 https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://linux.oracle.com/cve/CVE-2025-61728.html https://linux.oracle.com/errata/ELSA-2026-4672.html https://nvd.nist.gov/vuln/detail/CVE-2025-61728 https://pkg.go.dev/vuln/GO-2026-4342 https://www.cve.org/CVERecord?id=CVE-2025-61728
stdlib CVE-2025-61729 HIGH v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/errata/RHSA-2026:3928 https://access.redhat.com/security/cve/CVE-2025-61729 https://bugzilla.redhat.com/2418462 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2418462 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-3928.html https://errata.rockylinux.org/RLSA-2026:3928 https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://linux.oracle.com/cve/CVE-2025-61729.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-61729 https://pkg.go.dev/vuln/GO-2025-4155 https://www.cve.org/CVERecord?id=CVE-2025-61729
stdlib CVE-2026-25679 HIGH v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2025-0913 MEDIUM v1.23.5 1.23.10, 1.24.4 https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866 https://errata.rockylinux.org/RLSA-2025:3773 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib CVE-2025-22871 MEDIUM v1.23.5 1.23.8, 1.24.2 http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9635 https://github.com/roadrunner-server/roadrunner https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa https://github.com/roadrunner-server/roadrunner/issues/2166 https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib CVE-2025-22873 MEDIUM v1.23.5 1.23.9, 1.24.3 http://www.openwall.com/lists/oss-security/2025/05/06/2 https://access.redhat.com/security/cve/CVE-2025-22873 https://go.dev/cl/670036 https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22873 https://pkg.go.dev/vuln/GO-2026-4403 https://www.cve.org/CVERecord?id=CVE-2025-22873
stdlib CVE-2025-4673 MEDIUM v1.23.5 1.23.10, 1.24.4 https://access.redhat.com/errata/RHSA-2025:15887 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673 https://errata.almalinux.org/9/ALSA-2025-15887.html https://errata.rockylinux.org/RLSA-2025:15887 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
stdlib CVE-2025-47906 MEDIUM v1.23.5 1.23.12, 1.24.6 http://www.openwall.com/lists/oss-security/2025/08/06/1 https://access.redhat.com/errata/RHSA-2025:22005 https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/2396546 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906 https://errata.almalinux.org/9/ALSA-2025-22005.html https://errata.rockylinux.org/RLSA-2025:22005 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://linux.oracle.com/cve/CVE-2025-47906.html https://linux.oracle.com/errata/ELSA-2025-22668.html https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://pkg.go.dev/vuln/GO-2025-3956 https://www.cve.org/CVERecord?id=CVE-2025-47906
stdlib CVE-2025-47912 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://pkg.go.dev/vuln/GO-2025-4010 https://www.cve.org/CVERecord?id=CVE-2025-47912
stdlib CVE-2025-58185 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://pkg.go.dev/vuln/GO-2025-4011 https://www.cve.org/CVERecord?id=CVE-2025-58185
stdlib CVE-2025-58186 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58186 https://go.dev/cl/709855 https://go.dev/issue/75672 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58186 https://pkg.go.dev/vuln/GO-2025-4012 https://www.cve.org/CVERecord?id=CVE-2025-58186
stdlib CVE-2025-58187 MEDIUM v1.23.5 1.24.9, 1.25.3 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58187 https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 https://go.dev/cl/709854 https://go.dev/issue/75681 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58187 https://pkg.go.dev/vuln/GO-2025-4007 https://www.cve.org/CVERecord?id=CVE-2025-58187
stdlib CVE-2025-58188 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58188 https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9 https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58188 https://pkg.go.dev/vuln/GO-2025-4013 https://www.cve.org/CVERecord?id=CVE-2025-58188
stdlib CVE-2025-58189 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://pkg.go.dev/vuln/GO-2025-4008 https://www.cve.org/CVERecord?id=CVE-2025-58189
stdlib CVE-2025-61723 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://pkg.go.dev/vuln/GO-2025-4009 https://www.cve.org/CVERecord?id=CVE-2025-61723
stdlib CVE-2025-61724 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://pkg.go.dev/vuln/GO-2025-4015 https://www.cve.org/CVERecord?id=CVE-2025-61724
stdlib CVE-2025-61725 MEDIUM v1.23.5 1.24.8, 1.25.2 http://www.openwall.com/lists/oss-security/2025/10/08/1 https://access.redhat.com/security/cve/CVE-2025-61725 https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://nvd.nist.gov/vuln/detail/CVE-2025-61725 https://pkg.go.dev/vuln/GO-2025-4006 https://www.cve.org/CVERecord?id=CVE-2025-61725
stdlib CVE-2025-61727 MEDIUM v1.23.5 1.24.11, 1.25.5 https://access.redhat.com/security/cve/CVE-2025-61727 https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://nvd.nist.gov/vuln/detail/CVE-2025-61727 https://pkg.go.dev/vuln/GO-2025-4175 https://www.cve.org/CVERecord?id=CVE-2025-61727
stdlib CVE-2025-61730 MEDIUM v1.23.5 1.24.12, 1.25.6 https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://nvd.nist.gov/vuln/detail/CVE-2025-61730 https://pkg.go.dev/vuln/GO-2026-4340
stdlib CVE-2026-27142 MEDIUM v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.23.5 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_upx/4.1.2/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_vsdbg/0.6.16/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.6.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-68121 CRITICAL v1.25.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://access.redhat.com/errata/RHSA-2026:4177 https://access.redhat.com/security/cve/CVE-2025-68121 https://bugzilla.redhat.com/2434432 https://bugzilla.redhat.com/2437111 https://bugzilla.redhat.com/show_bug.cgi?id=2434432 https://bugzilla.redhat.com/show_bug.cgi?id=2437111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 https://errata.almalinux.org/9/ALSA-2026-4177.html https://errata.rockylinux.org/RLSA-2026:4177 https://go.dev/cl/737700 https://go.dev/issue/77217 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://linux.oracle.com/cve/CVE-2025-68121.html https://linux.oracle.com/errata/ELSA-2026-5146.html https://nvd.nist.gov/vuln/detail/CVE-2025-68121 https://pkg.go.dev/vuln/GO-2026-4337 https://www.cve.org/CVERecord?id=CVE-2025-68121
stdlib CVE-2026-25679 HIGH v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27142 MEDIUM v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27139 LOW v1.25.6 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.9.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.9.1/bin/main (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.7.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.1 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.1 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.7.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.42.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.17.0 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.79.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found
No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-start/2.5.9/bin/run (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.2.24/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.38.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/cli CVE-2025-15558 HIGH v29.1.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.16.4 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.4 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.4 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.39.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.74.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:5942 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2434433 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/9/ALSA-2026-5942.html https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-5942.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27137 https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.2.25/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/syft CVE-2026-33481 MEDIUM v1.38.2 1.42.3 https://github.com/anchore/stereoscope/pull/537 https://github.com/anchore/syft https://github.com/anchore/syft/pull/4629 https://github.com/anchore/syft/pull/4668 https://github.com/anchore/syft/security/advisories/GHSA-rjcw-vg7j-m9rc https://nvd.nist.gov/vuln/detail/CVE-2026-33481
github.com/cloudflare/circl CVE-2026-1229 LOW v1.6.1 1.6.3 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/pull/583 https://github.com/cloudflare/circl/releases/tag/v1.6.3 https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x https://nvd.nist.gov/vuln/detail/CVE-2026-1229
github.com/docker/cli CVE-2025-15558 HIGH v29.1.2+incompatible 29.2.0 https://access.redhat.com/security/cve/CVE-2025-15558 https://docs.docker.com/desktop/release-notes https://docs.docker.com/desktop/release-notes/ https://github.com/docker/cli https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa https://github.com/docker/cli/pull/6713 https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p https://github.com/docker/compose/pull/12300 https://nvd.nist.gov/vuln/detail/CVE-2025-15558 https://www.cve.org/CVERecord?id=CVE-2025-15558 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304 https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/go-git/go-git/v5 CVE-2026-25934 MEDIUM v5.16.4 5.16.5 https://access.redhat.com/security/cve/CVE-2026-25934 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3 https://nvd.nist.gov/vuln/detail/CVE-2026-25934 https://ubuntu.com/security/notices/USN-8088-1 https://www.cve.org/CVERecord?id=CVE-2026-25934
github.com/go-git/go-git/v5 CVE-2026-34165 MEDIUM v5.16.4 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp https://nvd.nist.gov/vuln/detail/CVE-2026-34165
github.com/go-git/go-git/v5 CVE-2026-33762 LOW v5.16.4 5.17.1 https://github.com/go-git/go-git https://github.com/go-git/go-git/releases/tag/v5.17.1 https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 https://nvd.nist.gov/vuln/detail/CVE-2026-33762
go.opentelemetry.io/otel/sdk CVE-2026-24051 HIGH v1.39.0 1.40.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.74.2 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

cnb/lifecycle/launcher (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher.sbom.cdx.json (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher.sbom.spdx.json (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/lifecycle (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/moby/buildkit CVE-2026-33747 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33747 https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj https://nvd.nist.gov/vuln/detail/CVE-2026-33747 https://www.cve.org/CVERecord?id=CVE-2026-33747
github.com/moby/buildkit CVE-2026-33748 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33748 https://docs.docker.com/build/concepts/context/#url-fragments https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg https://nvd.nist.gov/vuln/detail/CVE-2026-33748 https://www.cve.org/CVERecord?id=CVE-2026-33748
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.cdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/moby/buildkit CVE-2026-33747 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33747 https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj https://nvd.nist.gov/vuln/detail/CVE-2026-33747 https://www.cve.org/CVERecord?id=CVE-2026-33747
github.com/moby/buildkit CVE-2026-33748 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33748 https://docs.docker.com/build/concepts/context/#url-fragments https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg https://nvd.nist.gov/vuln/detail/CVE-2026-33748 https://www.cve.org/CVERecord?id=CVE-2026-33748
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.spdx.json (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/docker/docker CVE-2026-34040 HIGH v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040
github.com/docker/docker CVE-2026-33997 MEDIUM v28.5.2+incompatible 29.3.1 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997
github.com/moby/buildkit CVE-2026-33747 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33747 https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj https://nvd.nist.gov/vuln/detail/CVE-2026-33747 https://www.cve.org/CVERecord?id=CVE-2026-33747
github.com/moby/buildkit CVE-2026-33748 HIGH v0.28.0 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33748 https://docs.docker.com/build/concepts/context/#url-fragments https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg https://nvd.nist.gov/vuln/detail/CVE-2026-33748 https://www.cve.org/CVERecord?id=CVE-2026-33748
No Misconfigurations found