Skip to content

to be continuous

DEPTRACK_SBOM_SCANNER_IMAGE

to-be-continuous/doc

registry.gitlab.com/to-be-continuous/tools/dt-sbom-scanner:latest (alpine 3.22.1)¶

Trivy Image Scan

Image: registry.gitlab.com/to-be-continuous/tools/dt-sbom-scanner:latest (alpine 3.22.1)
Scan date: 2025-11-19

registry.gitlab.com/to-be-continuous/tools/dt-sbom-scanner:latest (alpine 3.22.1) (alpine)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
libcrypto3	CVE-2025-9230	MEDIUM	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9230 https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280 https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482 https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3 https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9230
libcrypto3	CVE-2025-9231	MEDIUM	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9231 https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698 https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4 https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2 https://nvd.nist.gov/vuln/detail/CVE-2025-9231 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9231
libcrypto3	CVE-2025-9232	LOW	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9232 https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35 https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3 https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9232
libcurl	CVE-2025-10148	MEDIUM	8.14.1-r1	8.14.1-r2	http://www.openwall.com/lists/oss-security/2025/09/10/2 http://www.openwall.com/lists/oss-security/2025/09/10/3 http://www.openwall.com/lists/oss-security/2025/09/10/4 https://access.redhat.com/security/cve/CVE-2025-10148 https://curl.se/docs/CVE-2025-10148.html https://curl.se/docs/CVE-2025-10148.json https://hackerone.com/reports/3330839 https://nvd.nist.gov/vuln/detail/CVE-2025-10148 https://www.cve.org/CVERecord?id=CVE-2025-10148
libcurl	CVE-2025-9086	MEDIUM	8.14.1-r1	8.14.1-r2	http://www.openwall.com/lists/oss-security/2025/09/10/1 https://access.redhat.com/security/cve/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://www.cve.org/CVERecord?id=CVE-2025-9086
libexpat	CVE-2025-59375	MEDIUM	2.7.1-r0	2.7.2-r0	http://www.openwall.com/lists/oss-security/2025/09/16/2 https://access.redhat.com/errata/RHSA-2025:19403 https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/2395108 https://errata.almalinux.org/10/ALSA-2025-19403.html https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 https://linux.oracle.com/cve/CVE-2025-59375.html https://linux.oracle.com/errata/ELSA-2025-19403.html https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://www.cve.org/CVERecord?id=CVE-2025-59375
libssl3	CVE-2025-9230	MEDIUM	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9230 https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280 https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482 https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3 https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9230
libssl3	CVE-2025-9231	MEDIUM	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9231 https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698 https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4 https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2 https://nvd.nist.gov/vuln/detail/CVE-2025-9231 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9231
libssl3	CVE-2025-9232	LOW	3.5.2-r0	3.5.4-r0	http://www.openwall.com/lists/oss-security/2025/09/30/5 https://access.redhat.com/security/cve/CVE-2025-9232 https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35 https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3 https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://openssl-library.org/news/secadv/20250930.txt https://ubuntu.com/security/notices/USN-7786-1 https://www.cve.org/CVERecord?id=CVE-2025-9232
pcre2	CVE-2025-58050	CRITICAL	10.43-r1	10.46-r0	https://access.redhat.com/security/cve/CVE-2025-58050 https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254 https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46 https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2 https://nvd.nist.gov/vuln/detail/CVE-2025-58050 https://ubuntu.com/security/notices/USN-7777-1 https://www.cve.org/CVERecord?id=CVE-2025-58050
No Misconfigurations found

Python (python-pkg)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
pip	CVE-2025-8869	MEDIUM	25.2	25.3	https://access.redhat.com/security/cve/CVE-2025-8869 https://github.com/pypa/pip https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip/pull/13550 https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/ https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://pip.pypa.io/en/stable/news/#v25-2 https://www.cve.org/CVERecord?id=CVE-2025-8869
No Misconfigurations found