Skip to content

docker.io/checkmarx/kics:latest (wolfi 20230201)

Trivy Image Scan

  • Image: docker.io/checkmarx/kics:latest (wolfi 20230201)
  • Scan date: 2026-04-24

docker.io/checkmarx/kics:latest (wolfi 20230201) (wolfi)

Package Vulnerability ID Severity Installed Version Fixed Version Links
git CVE-2026-32631 UNKNOWN 2.53.0-r0 2.54.0-r0 https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3 https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848
git-lfs CVE-2026-27140 HIGH 3.7.1-r5 3.7.1-r9 https://access.redhat.com/security/cve/CVE-2026-27140 https://go.dev/cl/763768 https://go.dev/issue/78335 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-27140 https://pkg.go.dev/vuln/GO-2026-4871 https://www.cve.org/CVERecord?id=CVE-2026-27140
git-lfs CVE-2026-32280 HIGH 3.7.1-r5 3.7.1-r9 https://access.redhat.com/security/cve/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://pkg.go.dev/vuln/GO-2026-4947 https://www.cve.org/CVERecord?id=CVE-2026-32280
git-lfs CVE-2026-32281 HIGH 3.7.1-r5 3.7.1-r9 https://access.redhat.com/security/cve/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://pkg.go.dev/vuln/GO-2026-4946 https://www.cve.org/CVERecord?id=CVE-2026-32281
git-lfs CVE-2026-32283 HIGH 3.7.1-r5 3.7.1-r9 https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32283 https://pkg.go.dev/vuln/GO-2026-4870
glibc CVE-2026-4046 MEDIUM 2.43-r1 2.43-r6 https://access.redhat.com/security/cve/CVE-2026-4046 https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://www.cve.org/CVERecord?id=CVE-2026-4046
glibc CVE-2026-4437 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://www.openwall.com/lists/oss-security/2026/03/23/2
glibc CVE-2026-4438 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://www.openwall.com/lists/oss-security/2026/03/23/2
glibc-locale-posix CVE-2026-4046 MEDIUM 2.43-r1 2.43-r6 https://access.redhat.com/security/cve/CVE-2026-4046 https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://www.cve.org/CVERecord?id=CVE-2026-4046
glibc-locale-posix CVE-2026-4437 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://www.openwall.com/lists/oss-security/2026/03/23/2
glibc-locale-posix CVE-2026-4438 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://www.openwall.com/lists/oss-security/2026/03/23/2
ld-linux CVE-2026-4046 MEDIUM 2.43-r1 2.43-r6 https://access.redhat.com/security/cve/CVE-2026-4046 https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://www.cve.org/CVERecord?id=CVE-2026-4046
ld-linux CVE-2026-4437 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://www.openwall.com/lists/oss-security/2026/03/23/2
ld-linux CVE-2026-4438 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://www.openwall.com/lists/oss-security/2026/03/23/2
libcrypt1 CVE-2026-4046 MEDIUM 2.43-r1 2.43-r6 https://access.redhat.com/security/cve/CVE-2026-4046 https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://www.cve.org/CVERecord?id=CVE-2026-4046
libcrypt1 CVE-2026-4437 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://www.openwall.com/lists/oss-security/2026/03/23/2
libcrypt1 CVE-2026-4438 MEDIUM 2.43-r1 2.43-r4 https://access.redhat.com/security/cve/CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://www.openwall.com/lists/oss-security/2026/03/23/2
libcrypto3 CVE-2026-2673 LOW 3.6.1-r1 3.6.1-r3 http://www.openwall.com/lists/oss-security/2026/03/13/3 https://access.redhat.com/security/cve/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://openssl-library.org/news/secadv/20260313.txt https://ubuntu.com/security/notices/USN-8155-1 https://www.cve.org/CVERecord?id=CVE-2026-2673
libssl3 CVE-2026-2673 LOW 3.6.1-r1 3.6.1-r3 http://www.openwall.com/lists/oss-security/2026/03/13/3 https://access.redhat.com/security/cve/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://openssl-library.org/news/secadv/20260313.txt https://ubuntu.com/security/notices/USN-8155-1 https://www.cve.org/CVERecord?id=CVE-2026-2673
No Misconfigurations found

app/bin/kics (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 MEDIUM v1.7.0 1.7.8 https://github.com/aws/aws-sdk-go-v2 https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2026-03-23 https://github.com/aws/aws-sdk-go-v2/security/advisories/GHSA-xmrv-pmrh-hhx2
github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 MEDIUM v1.87.1 1.97.3 https://github.com/aws/aws-sdk-go-v2 https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2026-03-23 https://github.com/aws/aws-sdk-go-v2/security/advisories/GHSA-xmrv-pmrh-hhx2
github.com/go-jose/go-jose/v4 CVE-2026-34986 HIGH v4.1.3 4.1.4 https://access.redhat.com/security/cve/CVE-2026-34986 https://github.com/go-jose/go-jose https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8 https://nvd.nist.gov/vuln/detail/CVE-2026-34986 https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants https://www.cve.org/CVERecord?id=CVE-2026-34986
github.com/hashicorp/go-getter CVE-2026-4660 HIGH v1.8.1 1.8.6 https://access.redhat.com/security/cve/CVE-2026-4660 https://discuss.hashicorp.com/t/hcsec-2026-04-go-getter-may-allow-to-arbitrary-filesystem-reads-through-git-operations/77311 https://github.com/hashicorp/go-getter https://nvd.nist.gov/vuln/detail/CVE-2026-4660 https://www.cve.org/CVERecord?id=CVE-2026-4660
github.com/moby/buildkit CVE-2026-33747 HIGH v0.26.3 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33747 https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj https://nvd.nist.gov/vuln/detail/CVE-2026-33747 https://www.cve.org/CVERecord?id=CVE-2026-33747
github.com/moby/buildkit CVE-2026-33748 HIGH v0.26.3 0.28.1 https://access.redhat.com/security/cve/CVE-2026-33748 https://docs.docker.com/build/concepts/context/#url-fragments https://github.com/moby/buildkit https://github.com/moby/buildkit/releases/tag/v0.28.1 https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg https://nvd.nist.gov/vuln/detail/CVE-2026-33748 https://www.cve.org/CVERecord?id=CVE-2026-33748
github.com/moby/spdystream CVE-2026-35469 HIGH v0.5.0 0.5.1 https://access.redhat.com/security/cve/CVE-2026-35469 https://github.com/moby/spdystream https://github.com/moby/spdystream/releases/tag/v0.5.1 https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2 https://nvd.nist.gov/vuln/detail/CVE-2026-35469 https://www.cve.org/CVERecord?id=CVE-2026-35469
go.opentelemetry.io/otel/sdk CVE-2026-39883 HIGH v1.40.0 1.43.0 http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx https://nvd.nist.gov/vuln/detail/CVE-2026-39883
google.golang.org/grpc CVE-2026-33186 CRITICAL v1.77.0 1.79.3 https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
helm.sh/helm/v3 CVE-2026-35206 MEDIUM v3.19.4 3.20.2 https://access.redhat.com/security/cve/CVE-2026-35206 https://github.com/helm/helm https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436 https://github.com/helm/helm/releases/tag/v4.1.4 https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr https://nvd.nist.gov/vuln/detail/CVE-2026-35206 https://www.cve.org/CVERecord?id=CVE-2026-35206
stdlib CVE-2026-25679 HIGH v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/errata/RHSA-2026:9044 https://access.redhat.com/security/cve/CVE-2026-25679 https://bugzilla.redhat.com/2445356 https://bugzilla.redhat.com/show_bug.cgi?id=2445356 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679 https://errata.almalinux.org/9/ALSA-2026-9044.html https://errata.rockylinux.org/RLSA-2026:7259 https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-25679.html https://linux.oracle.com/errata/ELSA-2026-9044.html https://nvd.nist.gov/vuln/detail/CVE-2026-25679 https://pkg.go.dev/vuln/GO-2026-4601 https://www.cve.org/CVERecord?id=CVE-2026-25679
stdlib CVE-2026-27137 HIGH v1.26.0 1.26.1 https://access.redhat.com/errata/RHSA-2026:8842 https://access.redhat.com/security/cve/CVE-2026-27137 https://bugzilla.redhat.com/2445345 https://bugzilla.redhat.com/2445356 https://errata.almalinux.org/10/ALSA-2026-8842.html https://go.dev/cl/752182 https://go.dev/issue/77952 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://linux.oracle.com/cve/CVE-2026-27137.html https://linux.oracle.com/errata/ELSA-2026-8842.html https://nvd.nist.gov/vuln/detail/CVE-2026-27137 https://pkg.go.dev/vuln/GO-2026-4599 https://www.cve.org/CVERecord?id=CVE-2026-27137
stdlib CVE-2026-32280 HIGH v1.26.0 1.25.9, 1.26.2 https://access.redhat.com/security/cve/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://pkg.go.dev/vuln/GO-2026-4947 https://www.cve.org/CVERecord?id=CVE-2026-32280
stdlib CVE-2026-32281 HIGH v1.26.0 1.25.9, 1.26.2 https://access.redhat.com/security/cve/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://pkg.go.dev/vuln/GO-2026-4946 https://www.cve.org/CVERecord?id=CVE-2026-32281
stdlib CVE-2026-32283 HIGH v1.26.0 1.25.9, 1.26.2 https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32283 https://pkg.go.dev/vuln/GO-2026-4870
stdlib CVE-2026-33810 HIGH v1.26.0 1.26.2 http://www.openwall.com/lists/oss-security/2026/04/19/4 http://www.openwall.com/lists/oss-security/2026/04/20/1 https://access.redhat.com/security/cve/CVE-2026-33810 https://go.dev/cl/763763 https://go.dev/issue/78332 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-33810 https://pkg.go.dev/vuln/GO-2026-4866 https://www.cve.org/CVERecord?id=CVE-2026-33810
stdlib CVE-2026-27142 MEDIUM v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27142 https://go.dev/cl/752081 https://go.dev/issue/77954 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27142 https://pkg.go.dev/vuln/GO-2026-4603 https://www.cve.org/CVERecord?id=CVE-2026-27142
stdlib CVE-2026-32282 MEDIUM v1.26.0 1.25.9, 1.26.2 https://access.redhat.com/security/cve/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://pkg.go.dev/vuln/GO-2026-4864 https://www.cve.org/CVERecord?id=CVE-2026-32282
stdlib CVE-2026-32288 MEDIUM v1.26.0 1.25.9, 1.26.2 https://access.redhat.com/security/cve/CVE-2026-32288 https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32288 https://pkg.go.dev/vuln/GO-2026-4869 https://www.cve.org/CVERecord?id=CVE-2026-32288
stdlib CVE-2026-32289 MEDIUM v1.26.0 1.25.9, 1.26.2 https://access.redhat.com/security/cve/CVE-2026-32289 https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32289 https://pkg.go.dev/vuln/GO-2026-4865 https://www.cve.org/CVERecord?id=CVE-2026-32289
stdlib CVE-2026-27138 LOW v1.26.0 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27138 https://go.dev/cl/752183 https://go.dev/issue/77953 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27138 https://pkg.go.dev/vuln/GO-2026-4600 https://www.cve.org/CVERecord?id=CVE-2026-27138
stdlib CVE-2026-27139 LOW v1.26.0 1.25.8, 1.26.1 https://access.redhat.com/security/cve/CVE-2026-27139 https://go.dev/cl/749480 https://go.dev/issue/77827 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://nvd.nist.gov/vuln/detail/CVE-2026-27139 https://pkg.go.dev/vuln/GO-2026-4602 https://www.cve.org/CVERecord?id=CVE-2026-27139
No Misconfigurations found