Security Alert by Trivy #128

@github-actions

zozo-gatling-operator:ae135e6f90cd102cea21a8684d59b1c2f19a692c (debian 13.5)

debian [os-pkgs]

No vulnerabilities found

manager

gobinary [lang-pkgs]

| Title | Severity | CVE | Package Name | Installed Version | Fixed Version | PrimaryURL |
| --- | --- | --- | --- | --- | --- | --- |
| golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto | 🔴CRITICAL | CVE-2024-45337 | golang.org/x/crypto | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | 🟠HIGH | CVE-2025-22869 | golang.org/x/crypto | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | 🟠HIGH | CVE-2025-22868 | golang.org/x/oauth2 | v0.0.0-20211104180415-d3ed0bb246c8 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| golang-gopkg-yaml: crash when attempting to deserialize invalid input | 🟠HIGH | CVE-2022-28948 | gopkg.in/yaml.v3 | v3.0.0 | 3.0.1 | https://avd.aquasec.com/nvd/cve-2022-28948 |
| crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | 🔴CRITICAL | CVE-2025-68121 | stdlib | v1.21.13 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion | 🟠HIGH | CVE-2024-34156 | stdlib | v1.21.13 | 1.22.7, 1.23.1 | https://avd.aquasec.com/nvd/cve-2024-34156 |
| golang: net/url: Memory exhaustion in query parameter parsing in net/url | 🟠HIGH | CVE-2025-61726 | stdlib | v1.21.13 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate | 🟠HIGH | CVE-2025-61729 | stdlib | v1.21.13 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| net/url: Incorrect parsing of IPv6 host literals in net/url | 🟠HIGH | CVE-2026-25679 | stdlib | v1.21.13 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building | 🟠HIGH | CVE-2026-32280 | stdlib | v1.21.13 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32280 |
| crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | 🟠HIGH | CVE-2026-32281 | stdlib | v1.21.13 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32281 |
| crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages | 🟠HIGH | CVE-2026-32283 | stdlib | v1.21.13 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32283 |
| net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME | 🟠HIGH | CVE-2026-33811 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-33811 |
| When processing HTTP/2 SETTINGS frames, transport will enter an infini ... | 🟠HIGH | CVE-2026-33814 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-33814 |
| Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... | 🟠HIGH | CVE-2026-39820 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-39820 |
| CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... | 🟠HIGH | CVE-2026-39823 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-39823 |
| ReverseProxy can forward queries containing parameters not visible to ... | 🟠HIGH | CVE-2026-39825 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-39825 |
| If a trusted template author were to write a `<script>` tag containing a ... | 🟠HIGH | CVE-2026-39826 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-39826 |
| Panic in Dial and LookupPort when handling NUL byte on Windows in net | 🟠HIGH | CVE-2026-39836 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-39836 |
| Pathological inputs could cause DoS through consumePhrase when parsing ... | 🟠HIGH | CVE-2026-42499 | stdlib | v1.21.13 | 1.25.10, 1.26.3 | https://avd.aquasec.com/nvd/cve-2026-42499 |

Total count of vulnerabilities: 20
