builder-jammy-base:latest (ubuntu 22.04)¶

Trivy Image Scan

Image: docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)
Scan date: 2025-06-30

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04) (ubuntu)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
binutils	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-common	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-common	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-common	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-common	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-x86-64-linux-gnu	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-x86-64-linux-gnu	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-x86-64-linux-gnu	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-x86-64-linux-gnu	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
coreutils	CVE-2016-2781	LOW	8.32-4.1ubuntu1.2	no fix available	http://seclists.org/oss-sec/2016/q1/452 http://www.openwall.com/lists/oss-security/2016/02/28/2 http://www.openwall.com/lists/oss-security/2016/02/28/3 https://access.redhat.com/security/cve/CVE-2016-2781 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lore.kernel.org/patchwork/patch/793178/ https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes https://nvd.nist.gov/vuln/detail/CVE-2016-2781 https://www.cve.org/CVERecord?id=CVE-2016-2781
cpp-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
cpp-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
cpp-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
cpp-11	CVE-2023-4039	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
curl	CVE-2025-0167	LOW	7.81.0-1ubuntu1.20	no fix available	https://curl.se/docs/CVE-2025-0167.html https://curl.se/docs/CVE-2025-0167.json https://hackerone.com/reports/2917232 https://nvd.nist.gov/vuln/detail/CVE-2025-0167 https://security.netapp.com/advisory/ntap-20250306-0008/ https://www.cve.org/CVERecord?id=CVE-2025-0167
g++-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
g++-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
g++-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
g++-11	CVE-2023-4039	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
gcc-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11	CVE-2023-4039	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
gcc-11-base	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11-base	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11-base	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11-base	CVE-2023-4039	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
gcc-12-base	CVE-2022-27943	LOW	12.3.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-12-base	CVE-2023-4039	LOW	12.3.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
git	CVE-2024-52005	MEDIUM	1:2.34.1-1ubuntu1.12	no fix available	https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://errata.almalinux.org/9/ALSA-2025-7409.html https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
git-man	CVE-2024-52005	MEDIUM	1:2.34.1-1ubuntu1.12	no fix available	https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://errata.almalinux.org/9/ALSA-2025-7409.html https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
gpgv	CVE-2022-3219	LOW	2.2.27-3ubuntu2.3	no fix available	https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/D556 https://dev.gnupg.org/T5993 https://marc.info/?l=oss-security&m=165696590211434&w=4 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://security.netapp.com/advisory/ntap-20230324-0001/ https://www.cve.org/CVERecord?id=CVE-2022-3219
jq	CVE-2025-48060	MEDIUM	1.6-2.1ubuntu3	no fix available	https://access.redhat.com/security/cve/CVE-2025-48060 https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w https://nvd.nist.gov/vuln/detail/CVE-2025-48060 https://www.cve.org/CVERecord?id=CVE-2025-48060
libasan6	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
libasan6	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
libasan6	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libasan6	CVE-2023-4039	LOW	11.4.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
libatomic1	CVE-2022-27943	LOW	12.3.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libatomic1	CVE-2023-4039	LOW	12.3.0-1ubuntu1~22.04	no fix available	https://access.redhat.com/security/cve/CVE-2023-4039 https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt https://gcc.gnu.org/pipermail/gcc-patches/2023-October/634066.html https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf https://inbox.sourceware.org/gcc-patches/46cfa37b-56eb-344d-0745-e0d35393392d@gotplt.org https://linux.oracle.com/cve/CVE-2023-4039.html https://linux.oracle.com/errata/ELSA-2023-28766.html https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html https://www.cve.org/CVERecord?id=CVE-2023-4039
libbinutils	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
libbinutils	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
libbinutils	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libbinutils	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
libc-bin	CVE-2016-20013	LOW	2.35-0ubuntu3.10	no fix available	https://akkadia.org/drepper/SHA-crypt.txt https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ https://twitter.com/solardiz/status/795601240151457793 https://www.cve.org/CVERecord?id=CVE-2016-20013
libc-dev-bin	CVE-2016-20013	LOW	2.35-0ubuntu3.10	no fix available	https://akkadia.org/drepper/SHA-crypt.txt https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ https://twitter.com/solardiz/status/795601240151457793 https://www.cve.org/CVERecord?id=CVE-2016-20013
libc6	CVE-2016-20013	LOW	2.35-0ubuntu3.10	no fix available	https://akkadia.org/drepper/SHA-crypt.txt https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ https://twitter.com/solardiz/status/795601240151457793 https://www.cve.org/CVERecord?id=CVE-2016-20013
libc6-dev	CVE-2016-20013	LOW	2.35-0ubuntu3.10	no fix available	https://akkadia.org/drepper/SHA-crypt.txt https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ https://twitter.com/solardiz/status/795601240151457793 https://www.cve.org/CVERecord?id=CVE-2016-20013
1033 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.5.6/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.5.6/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.12.1/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.12.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.26.1/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.26.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.2.4/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.2.4/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundle-install/0.8.14/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.22.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.22.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.23.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.23.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundler/0.8.25/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.1/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.2	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.1/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.2	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.3/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_clojure-tools/2.15.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_conda-env-update/0.7.14/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	HIGH	v1.3.6	1.3.7	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch https://kyberslash.cr.yp.to
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.6	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.10	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	MEDIUM	v1.7.10	1.6.26, 1.7.11	https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/67d356cb3095f3e8f8ad7d36f9a733fea1e7e28c https://github.com/containerd/containerd/commit/746b910f05855c8bfdb4415a1c0f958b234910e5 https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c
github.com/docker/docker	CVE-2024-41110	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2024-24557	MEDIUM	v24.0.7+incompatible	24.0.9, 25.0.2	https://access.redhat.com/security/cve/CVE-2024-24557 https://github.com/moby/moby https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc https://nvd.nist.gov/vuln/detail/CVE-2024-24557 https://www.cve.org/CVERecord?id=CVE-2024-24557
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.16.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.16.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/crypto	CVE-2023-48795	MEDIUM	v0.16.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/errata/RHSA-2024:1150 https://access.redhat.com/security/cve/CVE-2023-48795 https://access.redhat.com/security/cve/cve-2023-48795 https://access.redhat.com/solutions/7071748 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/2254210 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 https://errata.almalinux.org/9/ALSA-2024-1150.html https://errata.rockylinux.org/RLSA-2024:0628 https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8 https://gitlab.com/libssh/libssh-mirror/-/tags https://go.dev/cl/550715 https://go.dev/issue/64784 https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5 https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795 https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://linux.oracle.com/cve/CVE-2023-48795.html https://linux.oracle.com/errata/ELSA-2024-2988.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://oryx-embedded.com/download/#changelog https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 https://security.netapp.com/advisory/ntap-20240105-0004 https://security.netapp.com/advisory/ntap-20240105-0004/ https://support.apple.com/kb/HT214084 https://terrapin-attack.com/ https://thorntech.com/cve-2023-48795-and-sftp-gateway https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://ubuntu.com/security/notices/USN-6560-1 https://ubuntu.com/security/notices/USN-6560-2 https://ubuntu.com/security/notices/USN-6561-1 https://ubuntu.com/security/notices/USN-6585-1 https://ubuntu.com/security/notices/USN-6589-1 https://ubuntu.com/security/notices/USN-6598-1 https://ubuntu.com/security/notices/USN-6738-1 https://ubuntu.com/security/notices/USN-7051-1 https://ubuntu.com/security/notices/USN-7292-1 https://ubuntu.com/security/notices/USN-7297-1 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.debian.org/security/2023/dsa-5586 https://www.debian.org/security/2023/dsa-5588 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795 https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
golang.org/x/net	CVE-2023-45288	MEDIUM	v0.19.0	0.23.0	http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://access.redhat.com/errata/RHSA-2024:2724 https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268018 https://bugzilla.redhat.com/2268019 https://bugzilla.redhat.com/2268273 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783 https://errata.almalinux.org/9/ALSA-2024-2724.html https://errata.rockylinux.org/RLSA-2024:3346 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://kb.cert.org/vuls/id/421644 https://linux.oracle.com/cve/CVE-2023-45288.html https://linux.oracle.com/errata/ELSA-2024-3346.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://nowotarski.info/http2-continuation-flood-technical-details https://nowotarski.info/http2-continuation-flood/ https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://security.netapp.com/advisory/ntap-20240419-0009/ https://ubuntu.com/security/notices/USN-6886-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://www.kb.cert.org/vuls/id/421644
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.19.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.19.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/protobuf	CVE-2024-24786	MEDIUM	v1.31.0	1.33.0	http://www.openwall.com/lists/oss-security/2024/03/08/4 https://access.redhat.com/errata/RHSA-2024:2550 https://access.redhat.com/security/cve/CVE-2024-24786 https://bugzilla.redhat.com/2268046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786 https://errata.almalinux.org/9/ALSA-2024-2550.html https://errata.rockylinux.org/RLSA-2024:2550 https://github.com/protocolbuffers/protobuf-go https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023 https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0 https://go-review.googlesource.com/c/protobuf/+/569356 https://go.dev/cl/569356 https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/ https://linux.oracle.com/cve/CVE-2024-24786.html https://linux.oracle.com/errata/ELSA-2024-4246.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/ https://nvd.nist.gov/vuln/detail/CVE-2024-24786 https://pkg.go.dev/vuln/GO-2024-2611 https://security.netapp.com/advisory/ntap-20240517-0002 https://security.netapp.com/advisory/ntap-20240517-0002/ https://ubuntu.com/security/notices/USN-6746-1 https://ubuntu.com/security/notices/USN-6746-2 https://www.cve.org/CVERecord?id=CVE-2024-24786
stdlib	CVE-2024-34156	HIGH	v1.22.4	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-24791	MEDIUM	v1.22.4	1.21.12, 1.22.5	https://access.redhat.com/errata/RHSA-2024:9135 https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/2268017 https://bugzilla.redhat.com/2268022 https://bugzilla.redhat.com/2279814 https://bugzilla.redhat.com/2295310 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791 https://errata.almalinux.org/9/ALSA-2024-9135.html https://errata.rockylinux.org/RLSA-2024:7349 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://linux.oracle.com/cve/CVE-2024-24791.html https://linux.oracle.com/errata/ELSA-2025-7256.html https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://pkg.go.dev/vuln/GO-2024-2963 https://security.netapp.com/advisory/ntap-20241004-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-24791
stdlib	CVE-2024-34155	MEDIUM	v1.22.4	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.4	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.4	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.4	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.4	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.4	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.4	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.4	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.15.2/bin/env (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.15.2/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.35.0/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.35.0/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dist-zip/5.10.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-aspnet-runtime/1.0.21/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.31.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.33.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.33.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-sdk/1.0.19/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.15/bin/port-chooser (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.15/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-publish/1.0.11/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.9.2/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.9.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.7.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.0/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.1	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22871	MEDIUM	v1.24.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_executable-jar/6.13.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_git/1.0.49/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-build/2.2.34/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-dist/2.7.5/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-mod-vendor/1.0.62/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
stdlib	CVE-2025-22874	HIGH	v1.24.3	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.3	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.4.2/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.4.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_gradle/7.19.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_httpd/0.7.55/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/go-viper/mapstructure/v2	GHSA-fv92-fjc5-jj9h	MEDIUM	v2.2.1	2.3.0	https://github.com/go-viper/mapstructure https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_icu/0.7.46/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.10.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.7.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.9.0/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.1	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22871	MEDIUM	v1.24.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_jattach/1.10.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.8.2/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.8.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_leiningen/4.12.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.1.4/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.1.4/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_maven/6.20.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_miniconda/0.10.4/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.23.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.23.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.25.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.25.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.5	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.5	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_mri/0.17.15/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_native-image/5.16.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.17.32/bin/configure (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.17.32/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/inspector (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/optimize-memory (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.0.0/bin/inspector (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.0.0/bin/optimize-memory (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.0.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.1.0/bin/inspector (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.1.0/bin/optimize-memory (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/6.1.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.1.7/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.1.8/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-start/2.2.8/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.0.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.0.0/bin/setup-symlinks (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.0.1/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.0.1/bin/setup-symlinks (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-start/2.1.21/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_passenger/0.14.11/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip-install/0.6.6/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2023-49569	CRITICAL	v5.10.1	5.11.0	https://access.redhat.com/security/cve/CVE-2023-49569 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 https://nvd.nist.gov/vuln/detail/CVE-2023-49569 https://www.cve.org/CVERecord?id=CVE-2023-49569
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.10.1	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2023-49568	HIGH	v5.10.1	5.11.0	https://access.redhat.com/security/cve/CVE-2023-49568 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r https://nvd.nist.gov/vuln/detail/CVE-2023-49568 https://www.cve.org/CVERecord?id=CVE-2023-49568
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.10.1	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.23.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.23.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.25.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.25.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.5	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.5	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip/0.22.1/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	HIGH	v1.3.6	1.3.7	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch https://kyberslash.cr.yp.to
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.6	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v24.0.9+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.22.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.22.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.24.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.24.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.23.0	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.0	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.0	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.0	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.0	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.0	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv-install/0.6.24/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	HIGH	v1.3.6	1.3.7	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch https://kyberslash.cr.yp.to
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.6	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.22.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.22.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.23.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.23.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv/1.21.6/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v24.0.9+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.22.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.22.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.24.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.24.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.23.0	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.23.0	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.0	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.0	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.0	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.0	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.0	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-install/0.3.23/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2024-24557	MEDIUM	v24.0.7+incompatible	24.0.9, 25.0.2	https://access.redhat.com/security/cve/CVE-2024-24557 https://github.com/moby/moby https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc https://nvd.nist.gov/vuln/detail/CVE-2024-24557 https://www.cve.org/CVERecord?id=CVE-2024-24557
github.com/go-git/go-git/v5	CVE-2023-49569	CRITICAL	v5.10.1	5.11.0	https://access.redhat.com/security/cve/CVE-2023-49569 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 https://nvd.nist.gov/vuln/detail/CVE-2023-49569 https://www.cve.org/CVERecord?id=CVE-2023-49569
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.10.1	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2023-49568	HIGH	v5.10.1	5.11.0	https://access.redhat.com/security/cve/CVE-2023-49568 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r https://nvd.nist.gov/vuln/detail/CVE-2023-49568 https://www.cve.org/CVERecord?id=CVE-2023-49568
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.10.1	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.21.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.21.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.23.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.23.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.5	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.5	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-run/0.4.36/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.4	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.4	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.4	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.4	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.4	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.4	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry/0.10.0/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.7	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.19	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.23.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.23.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.25.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.25.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-22874	HIGH	v1.24.2	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-4673	MEDIUM	v1.24.2	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.0/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.1	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22871	MEDIUM	v1.24.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.9.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_puma/0.4.56/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_python-start/0.14.19/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.23.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.23.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-34156	HIGH	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:7262 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2024-34155	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.5	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.5	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.5	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.5	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.5	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rackup/0.4.51/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rails-assets/0.10.24/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rake/0.4.56/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_sbt/6.19.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_source-removal/0.2.49/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.33.3/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.33.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_syft/2.16.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_thin/0.5.51/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_unicorn/0.4.54/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_upx/3.8.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_vsdbg/0.3.52/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.31.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.33.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.33.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.5.0/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-22874	HIGH	v1.24.1	1.24.4	https://access.redhat.com/security/cve/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://pkg.go.dev/vuln/GO-2025-3749 https://www.cve.org/CVERecord?id=CVE-2025-22874
stdlib	CVE-2025-0913	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22871	MEDIUM	v1.24.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.24.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.5.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.0.9/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.0.9/bin/setup-symlinks (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.2.5/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.2.5/bin/setup-symlinks (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.2.6/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.2.6/bin/setup-symlinks (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-start/2.1.7/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/1.3.15/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	GHSA-2x5j-vhc8-9cwm	LOW	v1.3.9	1.6.1	https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7416.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/security/cve/CVE-2025-22866 https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9150 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://errata.almalinux.org/9/ALSA-2025-9150.html https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/security/cve/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.0.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.0.1/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher.sbom.spdx.json (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/lifecycle (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.spdx.json (gobinary)¶

No Vulnerabilities found
No Misconfigurations found