builder-jammy-base:latest (ubuntu 22.04)¶

Trivy Image Scan

Image: docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)
Scan date: 2025-09-13

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04) (ubuntu)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
binutils	CVE-2025-3198	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://www.gnu.org/
binutils	CVE-2025-5244	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://www.gnu.org/
binutils	CVE-2025-7545	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://ubuntu.com/security/notices/USN-7718-1 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://www.gnu.org/
binutils	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-common	CVE-2025-3198	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://www.gnu.org/
binutils-common	CVE-2025-5244	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://www.gnu.org/
binutils-common	CVE-2025-7545	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://ubuntu.com/security/notices/USN-7718-1 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://www.gnu.org/
binutils-common	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-common	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-common	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-common	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
binutils-x86-64-linux-gnu	CVE-2025-3198	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://www.gnu.org/
binutils-x86-64-linux-gnu	CVE-2025-5244	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://www.gnu.org/
binutils-x86-64-linux-gnu	CVE-2025-7545	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://ubuntu.com/security/notices/USN-7718-1 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://www.gnu.org/
binutils-x86-64-linux-gnu	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
binutils-x86-64-linux-gnu	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
binutils-x86-64-linux-gnu	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
binutils-x86-64-linux-gnu	CVE-2022-48064	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://nvd.nist.gov/vuln/detail/CVE-2022-48064 https://security.netapp.com/advisory/ntap-20231006-0008/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931 https://www.cve.org/CVERecord?id=CVE-2022-48064
coreutils	CVE-2016-2781	LOW	8.32-4.1ubuntu1.2	no fix available	http://seclists.org/oss-sec/2016/q1/452 http://www.openwall.com/lists/oss-security/2016/02/28/2 http://www.openwall.com/lists/oss-security/2016/02/28/3 https://access.redhat.com/security/cve/CVE-2016-2781 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lore.kernel.org/patchwork/patch/793178/ https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes https://nvd.nist.gov/vuln/detail/CVE-2016-2781 https://www.cve.org/CVERecord?id=CVE-2016-2781
cpp-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
cpp-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
cpp-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
curl	CVE-2025-0167	LOW	7.81.0-1ubuntu1.20	no fix available	https://curl.se/docs/CVE-2025-0167.html https://curl.se/docs/CVE-2025-0167.json https://hackerone.com/reports/2917232 https://nvd.nist.gov/vuln/detail/CVE-2025-0167 https://security.netapp.com/advisory/ntap-20250306-0008/ https://www.cve.org/CVERecord?id=CVE-2025-0167
curl	CVE-2025-9086	LOW	7.81.0-1ubuntu1.20	no fix available	https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://hackerone.com/reports/3294999 https://www.cve.org/CVERecord?id=CVE-2025-9086
g++-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
g++-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
g++-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-11-base	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
gcc-11-base	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
gcc-11-base	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
gcc-12-base	CVE-2022-27943	LOW	12.3.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
git	CVE-2024-52005	MEDIUM	1:2.34.1-1ubuntu1.15	no fix available	https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:8414 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
git-man	CVE-2024-52005	MEDIUM	1:2.34.1-1ubuntu1.15	no fix available	https://access.redhat.com/errata/RHSA-2025:7409 https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/2338289 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52005 https://errata.almalinux.org/9/ALSA-2025-7409.html https://errata.rockylinux.org/RLSA-2025:8414 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://linux.oracle.com/cve/CVE-2024-52005.html https://linux.oracle.com/errata/ELSA-2025-8414.html https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://lore.kernel.org/git/8570a129-d66a-465a-905e-0a077c69c409@gmail.com/T/#t https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://www.cve.org/CVERecord?id=CVE-2024-52005
gpgv	CVE-2022-3219	LOW	2.2.27-3ubuntu2.4	no fix available	https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://dev.gnupg.org/D556 https://dev.gnupg.org/T5993 https://marc.info/?l=oss-security&m=165696590211434&w=4 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://security.netapp.com/advisory/ntap-20230324-0001/ https://www.cve.org/CVERecord?id=CVE-2022-3219
libasan6	CVE-2021-3826	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2023:6372 https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/2122627 https://errata.almalinux.org/9/ALSA-2023-6372.html https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://linux.oracle.com/cve/CVE-2021-3826.html https://linux.oracle.com/errata/ELSA-2023-6372.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://www.cve.org/CVERecord?id=CVE-2021-3826
libasan6	CVE-2021-46195	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/errata/RHSA-2022:8415 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/2046300 https://errata.almalinux.org/9/ALSA-2022-8415.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab https://linux.oracle.com/cve/CVE-2021-46195.html https://linux.oracle.com/errata/ELSA-2022-8415.html https://nvd.nist.gov/vuln/detail/CVE-2021-46195 https://www.cve.org/CVERecord?id=CVE-2021-46195
libasan6	CVE-2022-27943	LOW	11.4.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libatomic1	CVE-2022-27943	LOW	12.3.0-1ubuntu1~22.04.2	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
libbinutils	CVE-2025-3198	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://www.gnu.org/
libbinutils	CVE-2025-5244	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://www.gnu.org/
libbinutils	CVE-2025-7545	MEDIUM	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://ubuntu.com/security/notices/USN-7718-1 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://www.gnu.org/
libbinutils	CVE-2017-13716	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2017-13716 https://nvd.nist.gov/vuln/detail/CVE-2017-13716 https://sourceware.org/bugzilla/show_bug.cgi?id=22009 https://www.cve.org/CVERecord?id=CVE-2017-13716
libbinutils	CVE-2019-1010204	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2019-1010204 https://linux.oracle.com/cve/CVE-2019-1010204.html https://linux.oracle.com/errata/ELSA-2020-1797.html https://nvd.nist.gov/vuln/detail/CVE-2019-1010204 https://security.netapp.com/advisory/ntap-20190822-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=23765 https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS https://ubuntu.com/security/notices/USN-5349-1 https://www.cve.org/CVERecord?id=CVE-2019-1010204
libbinutils	CVE-2022-27943	LOW	2.38-4ubuntu2.8	no fix available	https://access.redhat.com/security/cve/CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/ https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://www.cve.org/CVERecord?id=CVE-2022-27943
1235 other vulnerabilities found...
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.6.3/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.6.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.13.0/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.13.0/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.26.2/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.26.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.2.7/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.2.7/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundle-install/0.8.14/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.7	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.11.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.11	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.22.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.22.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.23.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.23.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundler/0.8.25/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.3/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.3/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.4/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.10.4/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:8111 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2025-47907	HIGH	v1.22.6	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:7118 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2262921 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315719 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2025-7118.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:8111 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2025-47907	HIGH	v1.22.6	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:7118 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2262921 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315719 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2025-7118.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_clojure-tools/2.15.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_conda-env-update/0.8.2/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.14	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.17.3/bin/env (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.17.3/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.37.1/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.37.1/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dist-zip/5.10.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-aspnet-runtime/1.0.22/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.31.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.33.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.33.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-sdk/1.0.20/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.16/bin/port-chooser (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.16/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-publish/1.0.12/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.20	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.9.6/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.9.6/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.7.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:8111 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2025-47907	HIGH	v1.22.6	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:7118 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2262921 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315719 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2025-7118.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.9.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_executable-jar/6.13.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_git/1.0.61/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-build/2.2.40/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-dist/2.7.14/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-mod-vendor/1.0.69/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.4.3/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.4.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_gradle/7.19.5/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_httpd/0.7.67/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_icu/0.7.47/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.18	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.10.1/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.10.2/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.7.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:8111 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2025-47907	HIGH	v1.22.6	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:7118 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2262921 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315719 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2025-7118.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_jattach/1.10.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.8.3/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.8.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_leiningen/4.12.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.1.6/bin/helper (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.1.6/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_maven/6.20.5/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_miniconda/0.11.2/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.14	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_mri/0.17.15/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_native-image/5.16.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.18.4/bin/configure (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.18.4/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/inspector (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/optimize-memory (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.1.0/bin/inspector (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.1.0/bin/optimize-memory (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.1.0/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/docker/docker	CVE-2025-54388	MEDIUM	v28.3.2+incompatible	28.3.3	https://access.redhat.com/security/cve/CVE-2025-54388 https://github.com/moby/moby https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0 https://github.com/moby/moby/pull/50506 https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4 https://nvd.nist.gov/vuln/detail/CVE-2025-54388 https://www.cve.org/CVERecord?id=CVE-2025-54388
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.4.0/bin/inspector (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.4.0/bin/optimize-memory (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.4.0/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.6.0/bin/inspector (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.6.0/bin/optimize-memory (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/7.6.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.3.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-start/2.5.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.1.0/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/docker/docker	CVE-2025-54388	MEDIUM	v28.3.2+incompatible	28.3.3	https://access.redhat.com/security/cve/CVE-2025-54388 https://github.com/moby/moby https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0 https://github.com/moby/moby/pull/50506 https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4 https://nvd.nist.gov/vuln/detail/CVE-2025-54388 https://www.cve.org/CVERecord?id=CVE-2025-54388
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/2.1.0/bin/setup-symlinks (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/docker/docker	CVE-2025-54388	MEDIUM	v28.3.2+incompatible	28.3.3	https://access.redhat.com/security/cve/CVE-2025-54388 https://github.com/moby/moby https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0 https://github.com/moby/moby/pull/50506 https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4 https://nvd.nist.gov/vuln/detail/CVE-2025-54388 https://www.cve.org/CVERecord?id=CVE-2025-54388
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-start/2.3.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_passenger/0.14.11/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.24.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.24.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip-install/0.7.1/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip/0.24.1/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv-install/0.7.1/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv/1.23.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-install/0.6.2/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry-run/0.5.2/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_poetry/0.11.2/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.11.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_procfile/5.9.2/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2024-34156	HIGH	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:3773 https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://errata.almalinux.org/9/ALSA-2025-3773.html https://errata.rockylinux.org/RLSA-2024:8111 https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7) https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1) https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34156.html https://linux.oracle.com/errata/ELSA-2025-3773.html https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://pkg.go.dev/vuln/GO-2024-3106 https://security.netapp.com/advisory/ntap-20240926-0004/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34156
stdlib	CVE-2025-47907	HIGH	v1.22.6	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-34155	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2024:9459 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/2310527 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315691 https://bugzilla.redhat.com/2315887 https://bugzilla.redhat.com/2317458 https://bugzilla.redhat.com/2317467 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1) https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7) https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34155.html https://linux.oracle.com/errata/ELSA-2024-9459.html https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://pkg.go.dev/vuln/GO-2024-3105 https://security.netapp.com/advisory/ntap-20240926-0005/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34155
stdlib	CVE-2024-34158	MEDIUM	v1.22.6	1.22.7, 1.23.1	https://access.redhat.com/errata/RHSA-2025:7118 https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/2262921 https://bugzilla.redhat.com/2310529 https://bugzilla.redhat.com/2315719 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://bugzilla.redhat.com/show_bug.cgi?id=2315691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341 https://errata.almalinux.org/9/ALSA-2025-7118.html https://errata.rockylinux.org/RLSA-2024:8039 https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1) https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7) https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://linux.oracle.com/cve/CVE-2024-34158.html https://linux.oracle.com/errata/ELSA-2025-7118.html https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://pkg.go.dev/vuln/GO-2024-3107 https://security.netapp.com/advisory/ntap-20241004-0003/ https://ubuntu.com/security/notices/USN-7081-1 https://ubuntu.com/security/notices/USN-7109-1 https://ubuntu.com/security/notices/USN-7111-1 https://www.cve.org/CVERecord?id=CVE-2024-34158
stdlib	CVE-2024-45336	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.22.6	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.22.6	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.22.6	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.22.6	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_puma/0.4.56/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_python-start/0.15.2/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.14	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rackup/0.4.51/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.26.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.26.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rails-assets/0.10.24/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_rake/0.4.56/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_sbt/6.19.6/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_source-removal/0.2.60/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.33.4/bin/helper (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_spring-boot/5.33.4/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_syft/2.19.0/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.5	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_thin/0.5.51/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_unicorn/0.4.54/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_upx/3.8.3/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_vsdbg/0.3.53/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.31.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.33.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.33.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
google.golang.org/grpc	GHSA-xr7q-jx4m-x55m	LOW	v1.64.0	1.64.1	https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.5.3/bin/main (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.24.4	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_watchexec/3.5.4/bin/main (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.0.9/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.0.9/bin/setup-symlinks (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.6.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-install/2.6.0/bin/setup-symlinks (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn-start/2.4.0/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/1.3.15/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/anchore/stereoscope	CVE-2024-24579	MEDIUM	v0.0.0-20230412183729-8602f1afc574	0.0.1	https://github.com/anchore/stereoscope https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204 https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv https://nvd.nist.gov/vuln/detail/CVE-2024-24579
github.com/cloudflare/circl	CVE-2025-8556	LOW	v1.3.9	1.6.1	https://access.redhat.com/security/cve/CVE-2025-8556 https://bugzilla.redhat.com/show_bug.cgi?id=2371624 https://github.com/cloudflare/circl https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm https://github.com/cloudflare/circl/tree/v1.6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-8556 https://www.cve.org/CVERecord?id=CVE-2025-8556
github.com/containerd/containerd	CVE-2024-40635	MEDIUM	v1.7.22	1.7.27, 1.6.38	https://access.redhat.com/security/cve/CVE-2024-40635 https://github.com/containerd/containerd https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27) https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38) https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html https://nvd.nist.gov/vuln/detail/CVE-2024-40635 https://ubuntu.com/security/notices/USN-7374-1 https://www.cve.org/CVERecord?id=CVE-2024-40635
github.com/docker/docker	CVE-2024-41110	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://access.redhat.com/security/cve/CVE-2024-41110 https://github.com/moby/moby https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://security.netapp.com/advisory/ntap-20240802-0001/ https://ubuntu.com/security/notices/USN-7161-1 https://ubuntu.com/security/notices/USN-7161-2 https://ubuntu.com/security/notices/USN-7161-3 https://www.cve.org/CVERecord?id=CVE-2024-41110 https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
github.com/docker/docker	CVE-2025-54410	LOW	v26.1.4+incompatible	28.0.0	https://access.redhat.com/security/cve/CVE-2025-54410 https://firewalld.org/documentation/howto/reload-firewalld.html https://github.com/moby/moby https://github.com/moby/moby/pull/49443 https://github.com/moby/moby/pull/49728 https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp https://nvd.nist.gov/vuln/detail/CVE-2025-54410 https://www.cve.org/CVERecord?id=CVE-2025-54410
github.com/go-git/go-git/v5	CVE-2025-21613	CRITICAL	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21613 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m https://linux.oracle.com/cve/CVE-2025-21613.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21613 https://pkg.go.dev/vuln/GO-2025-3368 https://www.cve.org/CVERecord?id=CVE-2025-21613
github.com/go-git/go-git/v5	CVE-2025-21614	HIGH	v5.12.0	5.13.0	https://access.redhat.com/errata/RHSA-2025:0401 https://access.redhat.com/security/cve/CVE-2025-21614 https://bugzilla.redhat.com/2335888 https://bugzilla.redhat.com/2335901 https://bugzilla.redhat.com/show_bug.cgi?id=2335888 https://bugzilla.redhat.com/show_bug.cgi?id=2335901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21613 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21614 https://errata.almalinux.org/8/ALSA-2025-0401.html https://errata.rockylinux.org/RLSA-2025:0401 https://github.com/go-git/go-git https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 https://linux.oracle.com/cve/CVE-2025-21614.html https://linux.oracle.com/errata/ELSA-2025-0401.html https://nvd.nist.gov/vuln/detail/CVE-2025-21614 https://pkg.go.dev/vuln/GO-2025-3367 https://www.cve.org/CVERecord?id=CVE-2025-21614
github.com/mholt/archiver/v3	CVE-2025-3445	HIGH	v3.5.1	no fix available	https://access.redhat.com/security/cve/CVE-2025-3445 https://github.com/mholt/archiver https://github.com/mholt/archiver/ https://github.com/mholt/archiver/commit/fea250ac6eacd56f90a82fbe2481cfdbb9a1bbd1 https://github.com/mholt/archiver/issues/267 https://nvd.nist.gov/vuln/detail/CVE-2025-3445 https://www.cve.org/CVERecord?id=CVE-2025-3445
github.com/mholt/archiver/v3	CVE-2024-0406	MEDIUM	v3.5.1	no fix available	https://access.redhat.com/errata/RHSA-2025:2449 https://access.redhat.com/security/cve/CVE-2024-0406 https://bugzilla.redhat.com/show_bug.cgi?id=2257749 https://github.com/mholt/archiver https://nvd.nist.gov/vuln/detail/CVE-2024-0406 https://pkg.go.dev/vuln/GO-2024-2698 https://www.cve.org/CVERecord?id=CVE-2024-0406
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
golang.org/x/crypto	CVE-2024-45337	CRITICAL	v0.26.0	0.31.0	http://www.openwall.com/lists/oss-security/2024/12/11/2 https://access.redhat.com/security/cve/CVE-2024-45337 https://github.com/golang/crypto https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 https://go.dev/cl/635315 https://go.dev/issue/70779 https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ https://nvd.nist.gov/vuln/detail/CVE-2024-45337 https://pkg.go.dev/vuln/GO-2024-3321 https://security.netapp.com/advisory/ntap-20250131-0007 https://security.netapp.com/advisory/ntap-20250131-0007/ https://www.cve.org/CVERecord?id=CVE-2024-45337
golang.org/x/crypto	CVE-2025-22869	HIGH	v0.26.0	0.35.0	https://access.redhat.com/errata/RHSA-2025:3833 https://access.redhat.com/security/cve/CVE-2025-22869 https://bugzilla.redhat.com/2348367 https://errata.almalinux.org/9/ALSA-2025-3833.html https://github.com/golang/crypto https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://linux.oracle.com/cve/CVE-2025-22869.html https://linux.oracle.com/errata/ELSA-2025-7484.html https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010 https://security.netapp.com/advisory/ntap-20250411-0010/ https://www.cve.org/CVERecord?id=CVE-2025-22869
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.28.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.28.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://www.cve.org/CVERecord?id=CVE-2025-22872
stdlib	CVE-2025-47907	HIGH	v1.23.1	1.23.12, 1.24.6	https://access.redhat.com/security/cve/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://pkg.go.dev/vuln/GO-2025-3849 https://www.cve.org/CVERecord?id=CVE-2025-47907
stdlib	CVE-2024-45336	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45336.html https://linux.oracle.com/errata/ELSA-2025-7592.html https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://pkg.go.dev/vuln/GO-2025-3420 https://security.netapp.com/advisory/ntap-20250221-0003/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45336
stdlib	CVE-2024-45341	MEDIUM	v1.23.1	1.22.11, 1.23.5, 1.24.0-rc.2	https://access.redhat.com/errata/RHSA-2025:3772 https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://errata.almalinux.org/8/ALSA-2025-3772.html https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://linux.oracle.com/cve/CVE-2024-45341.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://pkg.go.dev/vuln/GO-2025-3373 https://security.netapp.com/advisory/ntap-20250221-0004/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2024-45341
stdlib	CVE-2025-0913	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://nvd.nist.gov/vuln/detail/CVE-2025-0913 https://pkg.go.dev/vuln/GO-2025-3750
stdlib	CVE-2025-22866	MEDIUM	v1.23.1	1.22.12, 1.23.6, 1.24.0-rc.3	https://access.redhat.com/errata/RHSA-2025:7466 https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/2341750 https://bugzilla.redhat.com/2341751 https://bugzilla.redhat.com/2344219 https://errata.almalinux.org/10/ALSA-2025-7466.html https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12) https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6) https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3) https://github.com/golang/go/issues/71383 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://linux.oracle.com/cve/CVE-2025-22866.html https://linux.oracle.com/errata/ELSA-2025-7466.html https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://pkg.go.dev/vuln/GO-2025-3447 https://security.netapp.com/advisory/ntap-20250221-0002/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22866
stdlib	CVE-2025-22871	MEDIUM	v1.23.1	1.23.8, 1.24.2	http://www.openwall.com/lists/oss-security/2025/04/04/4 https://access.redhat.com/errata/RHSA-2025:9635 https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/2358493 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871 https://errata.almalinux.org/9/ALSA-2025-9635.html https://errata.rockylinux.org/RLSA-2025:9845 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://linux.oracle.com/cve/CVE-2025-22871.html https://linux.oracle.com/errata/ELSA-2025-9845.html https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563 https://www.cve.org/CVERecord?id=CVE-2025-22871
stdlib	CVE-2025-4673	MEDIUM	v1.23.1	1.23.10, 1.24.4	https://access.redhat.com/errata/RHSA-2025:10676 https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/2373305 https://errata.almalinux.org/9/ALSA-2025-10676.html https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://linux.oracle.com/cve/CVE-2025-4673.html https://linux.oracle.com/errata/ELSA-2025-10677.html https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://pkg.go.dev/vuln/GO-2025-3751 https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-4673
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.1.0/bin/run (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/hashicorp/go-getter	CVE-2025-8959	HIGH	v1.7.8	1.7.9	https://access.redhat.com/security/cve/CVE-2025-8959 https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242 https://github.com/hashicorp/go-getter https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7 https://github.com/hashicorp/go-getter/pull/540 https://nvd.nist.gov/vuln/detail/CVE-2025-8959 https://pkg.go.dev/vuln/GO-2025-3892 https://www.cve.org/CVERecord?id=CVE-2025-8959
github.com/ulikunitz/xz	CVE-2025-58058	MEDIUM	v0.5.12	0.5.15	https://access.redhat.com/security/cve/CVE-2025-58058 https://github.com/ulikunitz/xz https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://nvd.nist.gov/vuln/detail/CVE-2025-58058 https://www.cve.org/CVERecord?id=CVE-2025-58058
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_yarn/2.1.3/bin/run (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/launcher.sbom.spdx.json (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/lifecycle (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

cnb/lifecycle/lifecycle.sbom.spdx.json (gobinary)¶

No Vulnerabilities found
No Misconfigurations found