[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
[0011] WARN Unable to determine the OS distribution of some packages. This may result in missing vulnerabilities. You may specify a distro using: --distro <distro>:<version>
{
"version": "2.1.0",
"$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json",
"runs": [
{
"tool": {
"driver": {
"name": "grype",
"version": "0.104.1",
"informationUri": "https://github.com/anchore/grype",
"rules": [
{
"id": "GHSA-v778-237x-gjrc-golang.org/x/crypto",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-v778-237x-gjrc critical vulnerability for golang.org/x/crypto package"
},
"fullDescription": {
"text": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-v778-237x-gjrc\nSeverity: critical\nPackage: golang.org/x/crypto\nVersion: v0.23.0\nFix Version: 0.31.0\nType: go-module\nLocation: /docs/debugging/inspect/inspect\nData Namespace: github:language:go\nLink: [GHSA-v778-237x-gjrc](https://github.com/advisories/GHSA-v778-237x-gjrc)",
"markdown": "**Vulnerability GHSA-v778-237x-gjrc**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | golang.org/x/crypto | v0.23.0 | 0.31.0 | go-module | /docs/debugging/inspect/inspect | github:language:go | [GHSA-v778-237x-gjrc](https://github.com/advisories/GHSA-v778-237x-gjrc) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/crypto@v0.23.0"
],
"security-severity": "9.1"
}
},
{
"id": "CVE-2024-34156-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2024-34156 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2024-34156\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.7,1.23.1\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156)",
"markdown": "**Vulnerability CVE-2024-34156**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.22.7,1.23.1 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-hcg3-q754-cr77 high vulnerability for golang.org/x/crypto package"
},
"fullDescription": {
"text": "golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-hcg3-q754-cr77\nSeverity: high\nPackage: golang.org/x/crypto\nVersion: v0.23.0\nFix Version: 0.35.0\nType: go-module\nLocation: /docs/debugging/inspect/inspect\nData Namespace: github:language:go\nLink: [GHSA-hcg3-q754-cr77](https://github.com/advisories/GHSA-hcg3-q754-cr77)",
"markdown": "**Vulnerability GHSA-hcg3-q754-cr77**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | golang.org/x/crypto | v0.23.0 | 0.35.0 | go-module | /docs/debugging/inspect/inspect | github:language:go | [GHSA-hcg3-q754-cr77](https://github.com/advisories/GHSA-hcg3-q754-cr77) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/crypto@v0.23.0"
],
"security-severity": "7.5"
}
},
{
"id": "CVE-2024-34158-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2024-34158 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2024-34158\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.7,1.23.1\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158)",
"markdown": "**Vulnerability CVE-2024-34158**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.22.7,1.23.1 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-47m2-4cr7-mhcw-github.com/quic-go/quic-go",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-47m2-4cr7-mhcw high vulnerability for github.com/quic-go/quic-go package"
},
"fullDescription": {
"text": "quic-go: Panic occurs when queuing undecryptable packets after handshake completion"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-47m2-4cr7-mhcw\nSeverity: high\nPackage: github.com/quic-go/quic-go\nVersion: v0.53.0\nFix Version: 0.54.1\nType: go-module\nLocation: /minio\nData Namespace: github:language:go\nLink: [GHSA-47m2-4cr7-mhcw](https://github.com/advisories/GHSA-47m2-4cr7-mhcw)",
"markdown": "**Vulnerability GHSA-47m2-4cr7-mhcw**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | github.com/quic-go/quic-go | v0.53.0 | 0.54.1 | go-module | /minio | github:language:go | [GHSA-47m2-4cr7-mhcw](https://github.com/advisories/GHSA-47m2-4cr7-mhcw) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/quic-go/quic-go@v0.53.0"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-mh63-6h87-95cp-github.com/golang-jwt/jwt/v4",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-mh63-6h87-95cp high vulnerability for github.com/golang-jwt/jwt/v4 package"
},
"fullDescription": {
"text": "jwt-go allows excessive memory allocation during header parsing"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-mh63-6h87-95cp\nSeverity: high\nPackage: github.com/golang-jwt/jwt/v4\nVersion: v4.5.0\nFix Version: 4.5.2\nType: go-module\nLocation: /.github/workflows/multipart/mc\nData Namespace: github:language:go\nLink: [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp)",
"markdown": "**Vulnerability GHSA-mh63-6h87-95cp**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | github.com/golang-jwt/jwt/v4 | v4.5.0 | 4.5.2 | go-module | /.github/workflows/multipart/mc | github:language:go | [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/golang-jwt/jwt@v4.5.0#v4"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-mh63-6h87-95cp-github.com/golang-jwt/jwt/v5",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-mh63-6h87-95cp high vulnerability for github.com/golang-jwt/jwt/v5 package"
},
"fullDescription": {
"text": "jwt-go allows excessive memory allocation during header parsing"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-mh63-6h87-95cp\nSeverity: high\nPackage: github.com/golang-jwt/jwt/v5\nVersion: v5.2.1\nFix Version: 5.2.2\nType: go-module\nLocation: /kes\nData Namespace: github:language:go\nLink: [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp)",
"markdown": "**Vulnerability GHSA-mh63-6h87-95cp**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | github.com/golang-jwt/jwt/v5 | v5.2.1 | 5.2.2 | go-module | /kes | github:language:go | [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/golang-jwt/jwt@v5.2.1#v5"
],
"security-severity": "7.5"
}
},
{
"id": "CVE-2024-45336-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2024-45336 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2024-45336\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.11,1.23.5,1.24.0-rc.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2024-45336](https://nvd.nist.gov/vuln/detail/CVE-2024-45336)",
"markdown": "**Vulnerability CVE-2024-45336**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.22.11,1.23.5,1.24.0-rc.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2024-45336](https://nvd.nist.gov/vuln/detail/CVE-2024-45336) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "6.1"
}
},
{
"id": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-j5w8-q4qc-rx2x medium vulnerability for golang.org/x/crypto package"
},
"fullDescription": {
"text": "golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-j5w8-q4qc-rx2x\nSeverity: medium\nPackage: golang.org/x/crypto\nVersion: v0.23.0\nFix Version: 0.45.0\nType: go-module\nLocation: /docs/debugging/inspect/inspect\nData Namespace: github:language:go\nLink: [GHSA-j5w8-q4qc-rx2x](https://github.com/advisories/GHSA-j5w8-q4qc-rx2x)",
"markdown": "**Vulnerability GHSA-j5w8-q4qc-rx2x**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | golang.org/x/crypto | v0.23.0 | 0.45.0 | go-module | /docs/debugging/inspect/inspect | github:language:go | [GHSA-j5w8-q4qc-rx2x](https://github.com/advisories/GHSA-j5w8-q4qc-rx2x) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/crypto@v0.23.0"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2024-34155-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2024-34155 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2024-34155\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.7,1.23.1\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155)",
"markdown": "**Vulnerability CVE-2024-34155**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.22.7,1.23.1 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "4.3"
}
},
{
"id": "CVE-2024-45341-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2024-45341 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2024-45341\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.11,1.23.5,1.24.0-rc.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2024-45341](https://nvd.nist.gov/vuln/detail/CVE-2024-45341)",
"markdown": "**Vulnerability CVE-2024-45341**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.22.11,1.23.5,1.24.0-rc.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2024-45341](https://nvd.nist.gov/vuln/detail/CVE-2024-45341) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "6.1"
}
},
{
"id": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-f6x5-jh6r-wrfv medium vulnerability for golang.org/x/crypto package"
},
"fullDescription": {
"text": "golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-f6x5-jh6r-wrfv\nSeverity: medium\nPackage: golang.org/x/crypto\nVersion: v0.23.0\nFix Version: 0.45.0\nType: go-module\nLocation: /docs/debugging/inspect/inspect\nData Namespace: github:language:go\nLink: [GHSA-f6x5-jh6r-wrfv](https://github.com/advisories/GHSA-f6x5-jh6r-wrfv)",
"markdown": "**Vulnerability GHSA-f6x5-jh6r-wrfv**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | golang.org/x/crypto | v0.23.0 | 0.45.0 | go-module | /docs/debugging/inspect/inspect | github:language:go | [GHSA-f6x5-jh6r-wrfv](https://github.com/advisories/GHSA-f6x5-jh6r-wrfv) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/crypto@v0.23.0"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2025-22871-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-22871 critical vulnerability for stdlib package"
},
"fullDescription": {
"text": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-22871\nSeverity: critical\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.8,1.24.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871)",
"markdown": "**Vulnerability CVE-2025-22871**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | stdlib | go1.22.5 | 1.23.8,1.24.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-22871](https://nvd.nist.gov/vuln/detail/CVE-2025-22871) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "9.1"
}
},
{
"id": "CVE-2025-61723-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-61723 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-61723\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-61723](https://nvd.nist.gov/vuln/detail/CVE-2025-61723)",
"markdown": "**Vulnerability CVE-2025-61723**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-61723](https://nvd.nist.gov/vuln/detail/CVE-2025-61723) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "CVE-2025-61725-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-61725 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-61725\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-61725](https://nvd.nist.gov/vuln/detail/CVE-2025-61725)",
"markdown": "**Vulnerability CVE-2025-61725**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-61725](https://nvd.nist.gov/vuln/detail/CVE-2025-61725) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "CVE-2025-58185-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58185 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58185\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58185](https://nvd.nist.gov/vuln/detail/CVE-2025-58185)",
"markdown": "**Vulnerability CVE-2025-58185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58185](https://nvd.nist.gov/vuln/detail/CVE-2025-58185) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2025-47907-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-47907 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-47907\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.12,1.24.6\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907)",
"markdown": "**Vulnerability CVE-2025-47907**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.23.12,1.24.6 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-47907](https://nvd.nist.gov/vuln/detail/CVE-2025-47907) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.0"
}
},
{
"id": "CVE-2025-58186-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58186 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58186\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58186](https://nvd.nist.gov/vuln/detail/CVE-2025-58186)",
"markdown": "**Vulnerability CVE-2025-58186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58186](https://nvd.nist.gov/vuln/detail/CVE-2025-58186) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2025-61724-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-61724 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-61724\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-61724](https://nvd.nist.gov/vuln/detail/CVE-2025-61724)",
"markdown": "**Vulnerability CVE-2025-61724**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-61724](https://nvd.nist.gov/vuln/detail/CVE-2025-61724) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2025-47912-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-47912 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-47912\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-47912](https://nvd.nist.gov/vuln/detail/CVE-2025-47912)",
"markdown": "**Vulnerability CVE-2025-47912**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-47912](https://nvd.nist.gov/vuln/detail/CVE-2025-47912) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.3"
}
},
{
"id": "CVE-2025-47906-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-47906 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-47906\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.12,1.24.6\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-47906](https://nvd.nist.gov/vuln/detail/CVE-2025-47906)",
"markdown": "**Vulnerability CVE-2025-47906**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.23.12,1.24.6 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-47906](https://nvd.nist.gov/vuln/detail/CVE-2025-47906) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "6.5"
}
},
{
"id": "GHSA-f9f8-9pmf-xv68-helm.sh/helm/v3",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-f9f8-9pmf-xv68 medium vulnerability for helm.sh/helm/v3 package"
},
"fullDescription": {
"text": "Helm May Panic Due To Incorrect YAML Content"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-f9f8-9pmf-xv68\nSeverity: medium\nPackage: helm.sh/helm/v3\nVersion: v3.17.3\nFix Version: 3.18.5\nType: go-module\nLocation: /integrationtests/go.mod\nData Namespace: github:language:go\nLink: [GHSA-f9f8-9pmf-xv68](https://github.com/advisories/GHSA-f9f8-9pmf-xv68)",
"markdown": "**Vulnerability GHSA-f9f8-9pmf-xv68**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | helm.sh/helm/v3 | v3.17.3 | 3.18.5 | go-module | /integrationtests/go.mod | github:language:go | [GHSA-f9f8-9pmf-xv68](https://github.com/advisories/GHSA-f9f8-9pmf-xv68) |\n"
},
"properties": {
"purls": [
"pkg:golang/helm.sh/helm/v3@v3.17.3"
],
"security-severity": "6.5"
}
},
{
"id": "CVE-2025-22874-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-22874 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-22874\nSeverity: high\nPackage: stdlib\nVersion: go1.24.1\nFix Version: 1.24.4\nType: go-module\nLocation: /warp\nData Namespace: nvd:cpe\nLink: [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874)",
"markdown": "**Vulnerability CVE-2025-22874**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.24.1 | 1.24.4 | go-module | /warp | nvd:cpe | [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.24.1"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-4xh5-x5gv-qwph-pip",
"name": "PythonMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-4xh5-x5gv-qwph medium vulnerability for pip package"
},
"fullDescription": {
"text": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-4xh5-x5gv-qwph\nSeverity: medium\nPackage: pip\nVersion: 24.0\nFix Version: 25.3\nType: python\nLocation: /.venv/lib/python3.12/site-packages/pip-24.0.dist-info/METADATA\nData Namespace: github:language:python\nLink: [GHSA-4xh5-x5gv-qwph](https://github.com/advisories/GHSA-4xh5-x5gv-qwph)",
"markdown": "**Vulnerability GHSA-4xh5-x5gv-qwph**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | pip | 24.0 | 25.3 | python | /.venv/lib/python3.12/site-packages/pip-24.0.dist-info/METADATA | github:language:python | [GHSA-4xh5-x5gv-qwph](https://github.com/advisories/GHSA-4xh5-x5gv-qwph) |\n"
},
"properties": {
"purls": [
"pkg:pypi/pip@24.0"
],
"security-severity": "5.9"
}
},
{
"id": "CVE-2025-58187-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58187 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58187\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.9,1.25.3\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58187](https://nvd.nist.gov/vuln/detail/CVE-2025-58187)",
"markdown": "**Vulnerability CVE-2025-58187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.24.9,1.25.3 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58187](https://nvd.nist.gov/vuln/detail/CVE-2025-58187) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "CVE-2025-58188-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58188 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58188\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58188](https://nvd.nist.gov/vuln/detail/CVE-2025-58188)",
"markdown": "**Vulnerability CVE-2025-58188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58188](https://nvd.nist.gov/vuln/detail/CVE-2025-58188) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "7.5"
}
},
{
"id": "GHSA-557j-xg8c-q2mm-helm.sh/helm/v3",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-557j-xg8c-q2mm high vulnerability for helm.sh/helm/v3 package"
},
"fullDescription": {
"text": "Helm vulnerable to Code Injection through malicious chart.yaml content"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-557j-xg8c-q2mm\nSeverity: high\nPackage: helm.sh/helm/v3\nVersion: v3.17.3\nFix Version: 3.17.4\nType: go-module\nLocation: /integrationtests/go.mod\nData Namespace: github:language:go\nLink: [GHSA-557j-xg8c-q2mm](https://github.com/advisories/GHSA-557j-xg8c-q2mm)",
"markdown": "**Vulnerability GHSA-557j-xg8c-q2mm**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | helm.sh/helm/v3 | v3.17.3 | 3.17.4 | go-module | /integrationtests/go.mod | github:language:go | [GHSA-557j-xg8c-q2mm](https://github.com/advisories/GHSA-557j-xg8c-q2mm) |\n"
},
"properties": {
"purls": [
"pkg:golang/helm.sh/helm/v3@v3.17.3"
],
"security-severity": "8.5"
}
},
{
"id": "GHSA-vvgc-356p-c3xw-golang.org/x/net",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-vvgc-356p-c3xw medium vulnerability for golang.org/x/net package"
},
"fullDescription": {
"text": "golang.org/x/net vulnerable to Cross-site Scripting"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-vvgc-356p-c3xw\nSeverity: medium\nPackage: golang.org/x/net\nVersion: v0.28.0\nFix Version: 0.38.0\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: github:language:go\nLink: [GHSA-vvgc-356p-c3xw](https://github.com/advisories/GHSA-vvgc-356p-c3xw)",
"markdown": "**Vulnerability GHSA-vvgc-356p-c3xw**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | golang.org/x/net | v0.28.0 | 0.38.0 | go-module | /.github/workflows/multipart/s3-check-md5 | github:language:go | [GHSA-vvgc-356p-c3xw](https://github.com/advisories/GHSA-vvgc-356p-c3xw) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/net@v0.28.0"
],
"security-severity": "6.5"
}
},
{
"id": "GHSA-m6hq-p25p-ffr2-github.com/containerd/containerd",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-m6hq-p25p-ffr2 medium vulnerability for github.com/containerd/containerd package"
},
"fullDescription": {
"text": "containerd CRI server: Host memory exhaustion through Attach goroutine leak"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-m6hq-p25p-ffr2\nSeverity: medium\nPackage: github.com/containerd/containerd\nVersion: v1.7.27\nFix Version: 1.7.29\nType: go-module\nLocation: /integrationtests/go.mod\nData Namespace: github:language:go\nLink: [GHSA-m6hq-p25p-ffr2](https://github.com/advisories/GHSA-m6hq-p25p-ffr2)",
"markdown": "**Vulnerability GHSA-m6hq-p25p-ffr2**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | github.com/containerd/containerd | v1.7.27 | 1.7.29 | go-module | /integrationtests/go.mod | github:language:go | [GHSA-m6hq-p25p-ffr2](https://github.com/advisories/GHSA-m6hq-p25p-ffr2) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/containerd/containerd@v1.7.27"
],
"security-severity": "6.9"
}
},
{
"id": "GHSA-qxp5-gwg8-xv66-golang.org/x/net",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-qxp5-gwg8-xv66 medium vulnerability for golang.org/x/net package"
},
"fullDescription": {
"text": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-qxp5-gwg8-xv66\nSeverity: medium\nPackage: golang.org/x/net\nVersion: v0.28.0\nFix Version: 0.36.0\nType: go-module\nLocation: /.github/workflows/multipart/mc\nData Namespace: github:language:go\nLink: [GHSA-qxp5-gwg8-xv66](https://github.com/advisories/GHSA-qxp5-gwg8-xv66)",
"markdown": "**Vulnerability GHSA-qxp5-gwg8-xv66**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | golang.org/x/net | v0.28.0 | 0.36.0 | go-module | /.github/workflows/multipart/mc | github:language:go | [GHSA-qxp5-gwg8-xv66](https://github.com/advisories/GHSA-qxp5-gwg8-xv66) |\n"
},
"properties": {
"purls": [
"pkg:golang/golang.org/x/net@v0.28.0"
],
"security-severity": "4.4"
}
},
{
"id": "CVE-2025-58189-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58189 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58189\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58189](https://nvd.nist.gov/vuln/detail/CVE-2025-58189)",
"markdown": "**Vulnerability CVE-2025-58189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58189](https://nvd.nist.gov/vuln/detail/CVE-2025-58189) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.3"
}
},
{
"id": "GHSA-9h84-qmv7-982p-helm.sh/helm/v3",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-9h84-qmv7-982p medium vulnerability for helm.sh/helm/v3 package"
},
"fullDescription": {
"text": "Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-9h84-qmv7-982p\nSeverity: medium\nPackage: helm.sh/helm/v3\nVersion: v3.17.3\nFix Version: 3.18.5\nType: go-module\nLocation: /integrationtests/go.mod\nData Namespace: github:language:go\nLink: [GHSA-9h84-qmv7-982p](https://github.com/advisories/GHSA-9h84-qmv7-982p)",
"markdown": "**Vulnerability GHSA-9h84-qmv7-982p**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | helm.sh/helm/v3 | v3.17.3 | 3.18.5 | go-module | /integrationtests/go.mod | github:language:go | [GHSA-9h84-qmv7-982p](https://github.com/advisories/GHSA-9h84-qmv7-982p) |\n"
},
"properties": {
"purls": [
"pkg:golang/helm.sh/helm/v3@v3.17.3"
],
"security-severity": "6.5"
}
},
{
"id": "GHSA-29wx-vh33-7x7r-github.com/golang-jwt/jwt/v4",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-29wx-vh33-7x7r low vulnerability for github.com/golang-jwt/jwt/v4 package"
},
"fullDescription": {
"text": "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-29wx-vh33-7x7r\nSeverity: low\nPackage: github.com/golang-jwt/jwt/v4\nVersion: v4.5.0\nFix Version: 4.5.1\nType: go-module\nLocation: /.github/workflows/multipart/mc\nData Namespace: github:language:go\nLink: [GHSA-29wx-vh33-7x7r](https://github.com/advisories/GHSA-29wx-vh33-7x7r)",
"markdown": "**Vulnerability GHSA-29wx-vh33-7x7r**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | github.com/golang-jwt/jwt/v4 | v4.5.0 | 4.5.1 | go-module | /.github/workflows/multipart/mc | github:language:go | [GHSA-29wx-vh33-7x7r](https://github.com/advisories/GHSA-29wx-vh33-7x7r) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/golang-jwt/jwt@v4.5.0#v4"
],
"security-severity": "3.1"
}
},
{
"id": "CVE-2025-22866-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-22866 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-22866\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.22.12,1.23.6,1.24.0-rc.3\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-22866](https://nvd.nist.gov/vuln/detail/CVE-2025-22866)",
"markdown": "**Vulnerability CVE-2025-22866**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.22.12,1.23.6,1.24.0-rc.3 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-22866](https://nvd.nist.gov/vuln/detail/CVE-2025-22866) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "4.0"
}
},
{
"id": "CVE-2025-4673-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-4673 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-4673\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.10,1.24.4\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/CVE-2025-4673)",
"markdown": "**Vulnerability CVE-2025-4673**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.23.10,1.24.4 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-4673](https://nvd.nist.gov/vuln/detail/CVE-2025-4673) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "6.8"
}
},
{
"id": "CVE-2025-4674-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-4674 high vulnerability for stdlib package"
},
"fullDescription": {
"text": "The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via \"go get\", are not affected."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-4674\nSeverity: high\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.11,1.24.5\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-4674](https://nvd.nist.gov/vuln/detail/CVE-2025-4674)",
"markdown": "**Vulnerability CVE-2025-4674**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | stdlib | go1.22.5 | 1.23.11,1.24.5 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-4674](https://nvd.nist.gov/vuln/detail/CVE-2025-4674) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "8.6"
}
},
{
"id": "CVE-2025-58183-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-58183 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-58183\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.24.8,1.25.2\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-58183](https://nvd.nist.gov/vuln/detail/CVE-2025-58183)",
"markdown": "**Vulnerability CVE-2025-58183**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.24.8,1.25.2 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-58183](https://nvd.nist.gov/vuln/detail/CVE-2025-58183) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "4.3"
}
},
{
"id": "CVE-2025-0913-stdlib",
"name": "GoModuleMatcherCpeMatch",
"shortDescription": {
"text": "CVE-2025-0913 medium vulnerability for stdlib package"
},
"fullDescription": {
"text": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2025-0913\nSeverity: medium\nPackage: stdlib\nVersion: go1.22.5\nFix Version: 1.23.10,1.23.10,1.24.4,1.24.4\nType: go-module\nLocation: /.github/workflows/multipart/s3-check-md5\nData Namespace: nvd:cpe\nLink: [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/CVE-2025-0913)",
"markdown": "**Vulnerability CVE-2025-0913**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | stdlib | go1.22.5 | 1.23.10,1.23.10,1.24.4,1.24.4 | go-module | /.github/workflows/multipart/s3-check-md5 | nvd:cpe | [CVE-2025-0913](https://nvd.nist.gov/vuln/detail/CVE-2025-0913) |\n"
},
"properties": {
"purls": [
"pkg:golang/stdlib@1.22.5"
],
"security-severity": "5.5"
}
},
{
"id": "GHSA-pwhc-rpq9-4c8w-github.com/containerd/containerd",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-pwhc-rpq9-4c8w high vulnerability for github.com/containerd/containerd package"
},
"fullDescription": {
"text": "containerd affected by a local privilege escalation via wide permissions on CRI directory"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-pwhc-rpq9-4c8w\nSeverity: high\nPackage: github.com/containerd/containerd\nVersion: v1.7.27\nFix Version: 1.7.29\nType: go-module\nLocation: /integrationtests/go.mod\nData Namespace: github:language:go\nLink: [GHSA-pwhc-rpq9-4c8w](https://github.com/advisories/GHSA-pwhc-rpq9-4c8w)",
"markdown": "**Vulnerability GHSA-pwhc-rpq9-4c8w**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | github.com/containerd/containerd | v1.7.27 | 1.7.29 | go-module | /integrationtests/go.mod | github:language:go | [GHSA-pwhc-rpq9-4c8w](https://github.com/advisories/GHSA-pwhc-rpq9-4c8w) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/containerd/containerd@v1.7.27"
],
"security-severity": "7.3"
}
},
{
"id": "GHSA-cxww-7g56-2vh6-actions/download-artifact",
"name": "StockMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-cxww-7g56-2vh6 high vulnerability for actions/download-artifact package"
},
"fullDescription": {
"text": "@actions/download-artifact has an Arbitrary File Write via artifact extraction"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-cxww-7g56-2vh6\nSeverity: high\nPackage: actions/download-artifact\nVersion: v4\nFix Version: 4.1.3\nType: github-action\nLocation: /.github/workflows/race-tests.yaml\nData Namespace: github:language:github-action\nLink: [GHSA-cxww-7g56-2vh6](https://github.com/advisories/GHSA-cxww-7g56-2vh6)",
"markdown": "**Vulnerability GHSA-cxww-7g56-2vh6**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | actions/download-artifact | v4 | 4.1.3 | github-action | /.github/workflows/race-tests.yaml | github:language:github-action | [GHSA-cxww-7g56-2vh6](https://github.com/advisories/GHSA-cxww-7g56-2vh6) |\n"
},
"properties": {
"purls": [
"pkg:github/actions/download-artifact@v4"
],
"security-severity": "7.3"
}
},
{
"id": "GHSA-2464-8j7c-4cjm-github.com/go-viper/mapstructure/v2",
"name": "GoModuleMatcherExactDirectMatch",
"shortDescription": {
"text": "GHSA-2464-8j7c-4cjm medium vulnerability for github.com/go-viper/mapstructure/v2 package"
},
"fullDescription": {
"text": "go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability GHSA-2464-8j7c-4cjm\nSeverity: medium\nPackage: github.com/go-viper/mapstructure/v2\nVersion: v2.3.0\nFix Version: 2.4.0\nType: go-module\nLocation: /.bin/golangci/golangci-lint\nData Namespace: github:language:go\nLink: [GHSA-2464-8j7c-4cjm](https://github.com/advisories/GHSA-2464-8j7c-4cjm)",
"markdown": "**Vulnerability GHSA-2464-8j7c-4cjm**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | github.com/go-viper/mapstructure/v2 | v2.3.0 | 2.4.0 | go-module | /.bin/golangci/golangci-lint | github:language:go | [GHSA-2464-8j7c-4cjm](https://github.com/advisories/GHSA-2464-8j7c-4cjm) |\n"
},
"properties": {
"purls": [
"pkg:golang/github.com/go-viper/mapstructure@v2.3.0#v2"
],
"security-severity": "5.3"
}
}
]
}
},
"results": [
{
"ruleId": "GHSA-v778-237x-gjrc-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: golang.org/x/crypto, version v0.23.0 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4489112f5e9c2c63bdc151392b4b3dca1c4206e249cfbb5b41aafd078bb9e3d7:1"
}
},
{
"ruleId": "GHSA-v778-237x-gjrc-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "879215707d1035e420ebfc2ea760a8a640932447935dbc711f0d723b85ff8c7b:1"
}
},
{
"ruleId": "GHSA-v778-237x-gjrc-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ef4d47c40f526a22aa738f96ddbfac6582428869ddfc388bfb688da0f99515cf:1"
}
},
{
"ruleId": "CVE-2024-34156-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2024-34156-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.23.0 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4489112f5e9c2c63bdc151392b4b3dca1c4206e249cfbb5b41aafd078bb9e3d7:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "879215707d1035e420ebfc2ea760a8a640932447935dbc711f0d723b85ff8c7b:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ef4d47c40f526a22aa738f96ddbfac6582428869ddfc388bfb688da0f99515cf:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cf7011eca6ba9184f43eb8f4327595c5ae9b1a7cf73744267d6f5401dea765db:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2ef5772a071242ec40d41fea6c68d18d27249ee94cc84f4578c6f5fc20b541f6:1"
}
},
{
"ruleId": "GHSA-hcg3-q754-cr77-golang.org/x/crypto",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /docs/debugging/inspect/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4f4769a562e85ade421801098102129355150bbafdd3cc7f046c1289dc000b08:1"
}
},
{
"ruleId": "CVE-2024-34158-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2024-34158-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "GHSA-47m2-4cr7-mhcw-github.com/quic-go/quic-go",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/quic-go/quic-go, version v0.53.0 was found at: /minio"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "c12dc2b173d97f08f66d6674769a8977b6805b7f655d008f80a34f49628eb2f2:1"
}
},
{
"ruleId": "GHSA-47m2-4cr7-mhcw-github.com/quic-go/quic-go",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/quic-go/quic-go, version v0.53.0 was found at: /minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8c1a8cfbd7d93adac4c368c6c09f66477d8c71635156b9b47a4ae6ba2625263c:1"
}
},
{
"ruleId": "GHSA-mh63-6h87-95cp-github.com/golang-jwt/jwt/v4",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/golang-jwt/jwt/v4, version v4.5.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "c092c86e2a643c11cc94bf5f43ace89ee3906c53da5a86cf39c78627f439a0bb:1"
}
},
{
"ruleId": "GHSA-mh63-6h87-95cp-github.com/golang-jwt/jwt/v4",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/golang-jwt/jwt/v4, version v4.5.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "a6674ada2fc301b9f466e9378a2c147af75694d2c313b7efbed741a462053b50:1"
}
},
{
"ruleId": "GHSA-mh63-6h87-95cp-github.com/golang-jwt/jwt/v5",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/golang-jwt/jwt/v5, version v5.2.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9dc552210cf456555ca70eed97bb95635cc078227608831c1342fdc20329ac70:1"
}
},
{
"ruleId": "CVE-2024-45336-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2024-45336-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2024-45336-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.23.0 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4489112f5e9c2c63bdc151392b4b3dca1c4206e249cfbb5b41aafd078bb9e3d7:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "879215707d1035e420ebfc2ea760a8a640932447935dbc711f0d723b85ff8c7b:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ef4d47c40f526a22aa738f96ddbfac6582428869ddfc388bfb688da0f99515cf:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /docs/debugging/inspect/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4f4769a562e85ade421801098102129355150bbafdd3cc7f046c1289dc000b08:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cf7011eca6ba9184f43eb8f4327595c5ae9b1a7cf73744267d6f5401dea765db:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2ef5772a071242ec40d41fea6c68d18d27249ee94cc84f4578c6f5fc20b541f6:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.35.0 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "835393c8d09b1f16a19d63b77d12a933ba79b8b344277b92460229461db6facd:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.36.0 was found at: /docs/debugging/s3-verify/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/s3-verify/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "7396e61be830640a8c4e7491f6a432a04f79c05e62518279ab89702a39f71c68:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.36.0 was found at: /s3-verify"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/s3-verify"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "24331bbf2104e8883be1afa0098fc2ae1a17eb9ad7ef0843ba78578f987d8a90:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.39.0 was found at: /minio"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "b8c1f304cd12f799d01058c690b77e13a646a9365c094452b9b0064a048c0b94:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.39.0 was found at: /minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "32041ab2ba9a486bfc8383f1a07e5f9bcdb0021a8340e4de88611e785c5f992d:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.40.0 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "046fbb771e4f8528044f5bdd2824cc159a3bde3e5e5f978d19ea026594edc26a:1"
}
},
{
"ruleId": "GHSA-j5w8-q4qc-rx2x-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.43.0 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4c7bc7f8e187c2e1be6ef67c96706d766e830ae2fa82477e8808dbbef8baf981:1"
}
},
{
"ruleId": "CVE-2024-34155-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2024-34155-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2024-45341-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2024-45341-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2024-45341-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.23.0 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4489112f5e9c2c63bdc151392b4b3dca1c4206e249cfbb5b41aafd078bb9e3d7:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "879215707d1035e420ebfc2ea760a8a640932447935dbc711f0d723b85ff8c7b:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.26.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ef4d47c40f526a22aa738f96ddbfac6582428869ddfc388bfb688da0f99515cf:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cf7011eca6ba9184f43eb8f4327595c5ae9b1a7cf73744267d6f5401dea765db:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2ef5772a071242ec40d41fea6c68d18d27249ee94cc84f4578c6f5fc20b541f6:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.31.0 was found at: /docs/debugging/inspect/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4f4769a562e85ade421801098102129355150bbafdd3cc7f046c1289dc000b08:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.35.0 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "835393c8d09b1f16a19d63b77d12a933ba79b8b344277b92460229461db6facd:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.36.0 was found at: /docs/debugging/s3-verify/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/s3-verify/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "7396e61be830640a8c4e7491f6a432a04f79c05e62518279ab89702a39f71c68:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.36.0 was found at: /s3-verify"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/s3-verify"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "24331bbf2104e8883be1afa0098fc2ae1a17eb9ad7ef0843ba78578f987d8a90:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.39.0 was found at: /minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio-release/linux-amd64/minio.RELEASE.2025-10-17T06-17-41Z.hotfix.11913d029"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "32041ab2ba9a486bfc8383f1a07e5f9bcdb0021a8340e4de88611e785c5f992d:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.39.0 was found at: /minio"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/minio"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "b8c1f304cd12f799d01058c690b77e13a646a9365c094452b9b0064a048c0b94:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.40.0 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "046fbb771e4f8528044f5bdd2824cc159a3bde3e5e5f978d19ea026594edc26a:1"
}
},
{
"ruleId": "GHSA-f6x5-jh6r-wrfv-golang.org/x/crypto",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/crypto, version v0.43.0 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "4c7bc7f8e187c2e1be6ef67c96706d766e830ae2fa82477e8808dbbef8baf981:1"
}
},
{
"ruleId": "CVE-2025-22871-stdlib",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-22871-stdlib",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-22871-stdlib",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-22871-stdlib",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-22871-stdlib",
"level": "error",
"message": {
"text": "A critical vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-61723-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-61725-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58185-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-47907-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58186-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-61724-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-47912-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-47906-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "GHSA-f9f8-9pmf-xv68-helm.sh/helm/v3",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: helm.sh/helm/v3, version v3.17.3 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "69ecb1a4b6ce4d0a47399f871e6d0c0cadaab8e1c9b1d3bbf4cb46129f488beb:1"
}
},
{
"ruleId": "CVE-2025-22874-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-22874-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-22874-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-22874-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "GHSA-4xh5-x5gv-qwph-pip",
"level": "warning",
"message": {
"text": "A medium vulnerability in python package: pip, version 24.0 was found at: /.venv/lib/python3.12/site-packages/pip-24.0.dist-info/METADATA"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.venv/lib/python3.12/site-packages/pip-24.0.dist-info/METADATA"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "c0b7f30d77d242207e4fcde4f7e774ca7d76ff47c3ee0cf57b5c6b0bee6fefca:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58187-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-58188-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "GHSA-557j-xg8c-q2mm-helm.sh/helm/v3",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: helm.sh/helm/v3, version v3.17.3 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "69ecb1a4b6ce4d0a47399f871e6d0c0cadaab8e1c9b1d3bbf4cb46129f488beb:1"
}
},
{
"ruleId": "GHSA-vvgc-356p-c3xw-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.28.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ecf596cca994eff8071b9f557feb193f6c4c39558f204efec0ea3d7fdf0c6fb0:1"
}
},
{
"ruleId": "GHSA-vvgc-356p-c3xw-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.28.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cbd3ee5615f0465a458290471ff39a21c3ac7ca567e922ba1ceb61528c60b19e:1"
}
},
{
"ruleId": "GHSA-vvgc-356p-c3xw-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.32.0 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ce5b693ae91e5a319c531623f2583a98b6bff505317918893953f9218f7d5378:1"
}
},
{
"ruleId": "GHSA-vvgc-356p-c3xw-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.34.0 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2f30e20c10fb1700fcb5fb42f266c1dbb0a29113e3eb1b6cdd7cb7f4ea55d04a:1"
}
},
{
"ruleId": "GHSA-m6hq-p25p-ffr2-github.com/containerd/containerd",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: github.com/containerd/containerd, version v1.7.27 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "49b2001be73cef7ce70cbc2ca9d778146151dacc54c9da6d5e2b0ac91dc6a882:1"
}
},
{
"ruleId": "GHSA-qxp5-gwg8-xv66-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.28.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cbd3ee5615f0465a458290471ff39a21c3ac7ca567e922ba1ceb61528c60b19e:1"
}
},
{
"ruleId": "GHSA-qxp5-gwg8-xv66-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.28.0 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ecf596cca994eff8071b9f557feb193f6c4c39558f204efec0ea3d7fdf0c6fb0:1"
}
},
{
"ruleId": "GHSA-qxp5-gwg8-xv66-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.32.0 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ce5b693ae91e5a319c531623f2583a98b6bff505317918893953f9218f7d5378:1"
}
},
{
"ruleId": "GHSA-qxp5-gwg8-xv66-golang.org/x/net",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: golang.org/x/net, version v0.34.0 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2f30e20c10fb1700fcb5fb42f266c1dbb0a29113e3eb1b6cdd7cb7f4ea55d04a:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58189-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "GHSA-9h84-qmv7-982p-helm.sh/helm/v3",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: helm.sh/helm/v3, version v3.17.3 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "69ecb1a4b6ce4d0a47399f871e6d0c0cadaab8e1c9b1d3bbf4cb46129f488beb:1"
}
},
{
"ruleId": "GHSA-29wx-vh33-7x7r-github.com/golang-jwt/jwt/v4",
"level": "note",
"message": {
"text": "A low vulnerability in go-module package: github.com/golang-jwt/jwt/v4, version v4.5.0 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "c092c86e2a643c11cc94bf5f43ace89ee3906c53da5a86cf39c78627f439a0bb:1"
}
},
{
"ruleId": "CVE-2025-22866-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-22866-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-22866-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-4673-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-4674-stdlib",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-58183-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.4 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "17e53e92fb846a78965e53f4d15bd180959e1e3fc81a1786b6ed080d6ea5db44:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.5 was found at: /.github/workflows/multipart/s3-check-md5"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/s3-check-md5"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ea1f0978dacb620344f42b4bd831c851bcb47ccd16ba22828c2496ab91032322:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.22.6 was found at: /.github/workflows/multipart/mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/multipart/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "cdaa42c50d7bc4a84d3e1f768b30166b24a0f396e14a731b73c046fbde8bf8f3:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.23.2 was found at: /docs/debugging/inspect/inspect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/docs/debugging/inspect/inspect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "8b78697ae7923d05f9478f6066f3a3b14678cb29d2487cfe9c2d4118531e168b:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /kes"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/kes"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "96d716e3cf224199e8a16a76c7c737077e46f6f8a52388d20bb22b9fafa1c61f:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.1 was found at: /warp"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/warp"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "6607bdc63d80a238eb98547aec5e82924bdfb0fc7931fce363b2d808153dfbfc:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /scripts/ebpf/minio-protect"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/scripts/ebpf/minio-protect"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ade8f6aee09e273ca4eaae5b71efe5e4ec9b9d412330a59f102beb617ac7c702:1"
}
},
{
"ruleId": "CVE-2025-0913-stdlib",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: stdlib, version go1.24.3 was found at: /mc"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/mc"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5366a899b796978cd0c97a1cb81f227bf49aa104871890b9e2b6c2874dd5117a:1"
}
},
{
"ruleId": "GHSA-pwhc-rpq9-4c8w-github.com/containerd/containerd",
"level": "error",
"message": {
"text": "A high vulnerability in go-module package: github.com/containerd/containerd, version v1.7.27 was found at: /integrationtests/go.mod"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/integrationtests/go.mod"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "49b2001be73cef7ce70cbc2ca9d778146151dacc54c9da6d5e2b0ac91dc6a882:1"
}
},
{
"ruleId": "GHSA-cxww-7g56-2vh6-actions/download-artifact",
"level": "error",
"message": {
"text": "A high vulnerability in github-action package: actions/download-artifact, version v4 was found at: /.github/workflows/race-tests.yaml"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/race-tests.yaml"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "5e7cf75fb2e0afcb1eaa448ddc45c00b5412f6b1fbebc738f2904b90bc1efa9c:1"
}
},
{
"ruleId": "GHSA-cxww-7g56-2vh6-actions/download-artifact",
"level": "error",
"message": {
"text": "A high vulnerability in github-action package: actions/download-artifact, version v4 was found at: /.github/workflows/deployer.yaml"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/deployer.yaml"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "82b2428a9118192d06d03cd5c2f9f600c1c31408d3ae4eecbf69b27e36b551c9:1"
}
},
{
"ruleId": "GHSA-cxww-7g56-2vh6-actions/download-artifact",
"level": "error",
"message": {
"text": "A high vulnerability in github-action package: actions/download-artifact, version v4 was found at: /.github/workflows/integration-tests.yaml"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/integration-tests.yaml"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "2321bf3b7654ef9e0452ae4a07c898d64389c77fd3fd73407859cbe6049e2a88:1"
}
},
{
"ruleId": "GHSA-cxww-7g56-2vh6-actions/download-artifact",
"level": "error",
"message": {
"text": "A high vulnerability in github-action package: actions/download-artifact, version v4 was found at: /.github/workflows/tables-integration-tests.yaml"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.github/workflows/tables-integration-tests.yaml"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "04e939f2aeeb2ab7cccfe896869403be59588573bae7f5533b905e7bb6c83fb2:1"
}
},
{
"ruleId": "GHSA-2464-8j7c-4cjm-github.com/go-viper/mapstructure/v2",
"level": "warning",
"message": {
"text": "A medium vulnerability in go-module package: github.com/go-viper/mapstructure/v2, version v2.3.0 was found at: /.bin/golangci/golangci-lint"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "/.bin/golangci/golangci-lint"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "ab6def8a73563e14d766b2a3af0215a36900ab367491c75e250db17cb1b0ab8c:1"
}
}
]
}
]
}