pandora/forgejo-woodpecker.image-copy
3
0
Fork 0
generated from pandora/image-copy.template
Code Issues 2 Pull requests Projects Releases Packages 3 Wiki Activity Actions

Vulnerability dashboard #4

New issue
Open
opened 2026-04-12 20:43:47 +00:00 by bot-ci · 0 comments
bot-ci commented 2026-04-12 20:43:47 +00:00
Owner
Copy link

This issue list updates about vulnerabilites that are detected by trivy.woodpecker plugin.

Summary

Severity Count
CRITICAL 0
HIGH 13
MEDIUM 11
LOW 3
UNKNOWN 2

Detected packages and vulnerabilites

Packages

app/gitea/gitea:

Name Version
forgejo.org 15.0.0+gitea-1.22.0
stdlib v1.26.2
cloud.google.com/go/compute/metadata v0.6.0
code.forgejo.org/f3/gof3/v3 v3.11.15
code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab
code.forgejo.org/forgejo/actions-proto v0.7.0
code.forgejo.org/forgejo/go-rpmutils v1.0.0
code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
code.forgejo.org/forgejo/levelqueue v1.0.0
code.forgejo.org/forgejo/reply v1.0.2
code.forgejo.org/forgejo/runner/v12 v12.8.0
code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616
code.forgejo.org/go-chi/binding v1.0.1
code.forgejo.org/go-chi/cache v1.0.1
code.forgejo.org/go-chi/captcha v1.0.2
code.forgejo.org/go-chi/session v1.0.3
code.forgejo.org/xorm/xorm v1.3.9-forgejo.10
code.gitea.io/sdk/gitea v0.21.0
code.superseriousbusiness.org/exif-terminator v0.11.1
code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0
codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
connectrpc.com/connect v1.19.1
filippo.io/edwards25519 v1.1.1
github.com/42wim/httpsig v1.2.3
github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
github.com/6543/go-version v1.3.1
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
github.com/ProtonMail/go-crypto v1.4.1
github.com/RoaringBitmap/roaring/v2 v2.4.5
github.com/STARRY-S/zip v0.2.3
github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
github.com/alecthomas/chroma/v2 v2.23.1
github.com/andybalholm/brotli v1.2.0
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
github.com/aymerick/douceur v0.2.0
github.com/beorn7/perks v1.0.1
github.com/bits-and-blooms/bitset v1.22.0
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
github.com/blevesearch/bleve/v2 v2.5.7
github.com/blevesearch/bleve_index_api v1.2.11
github.com/blevesearch/geo v0.2.4
github.com/blevesearch/go-porterstemmer v1.0.3
github.com/blevesearch/gtreap v0.1.1
github.com/blevesearch/mmap-go v1.0.4
github.com/blevesearch/scorch_segment_api/v2 v2.3.13
github.com/blevesearch/segment v0.9.1
github.com/blevesearch/snowballstem v0.9.0
github.com/blevesearch/upsidedown_store_api v1.0.2
github.com/blevesearch/vellum v1.1.0
github.com/blevesearch/zapx/v11 v11.4.2
github.com/blevesearch/zapx/v12 v12.4.2
github.com/blevesearch/zapx/v13 v13.4.2
github.com/blevesearch/zapx/v14 v14.4.2
github.com/blevesearch/zapx/v15 v15.4.2
github.com/blevesearch/zapx/v16 v16.2.8
github.com/bmatcuk/doublestar/v4 v4.9.1
github.com/bodgit/plumbing v1.3.0
github.com/bodgit/sevenzip v1.6.1
github.com/bodgit/windows v1.0.1
github.com/boombuler/barcode v1.0.1
github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf
github.com/buildkite/terminal-to-html/v3 v3.16.8
github.com/caddyserver/certmagic v0.24.0
github.com/caddyserver/zerossl v0.1.3
github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a
github.com/cespare/xxhash/v2 v2.3.0
github.com/chi-middleware/proxy v1.1.1
github.com/cloudflare/circl v1.6.3
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f
github.com/djherbis/buffer v1.2.0
github.com/djherbis/nio/v3 v3.0.1
github.com/dlclark/regexp2 v1.11.5
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707
github.com/dsoprea/go-exif/v3 v3.0.1
github.com/dsoprea/go-iptc v0.0.0-20200609062250-162ae6b44feb
github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd
github.com/dsoprea/go-photoshop-info-format v0.0.0-20200609050348-3db9b63b202c
github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349
github.com/dustin/go-humanize v1.0.1
github.com/editorconfig/editorconfig-core-go/v2 v2.6.4
github.com/emersion/go-imap v1.2.1
github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43
github.com/fatih/color v1.18.0
github.com/felixge/fgprof v0.9.5
github.com/fsnotify/fsnotify v1.9.0
github.com/fxamacker/cbor/v2 v2.9.0
github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7
github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667
github.com/go-chi/chi/v5 v5.2.5
github.com/go-chi/cors v1.2.2
github.com/go-co-op/gocron v1.37.0
github.com/go-enry/go-enry/v2 v2.9.5
github.com/go-errors/errors v1.4.2
github.com/go-fed/httpsig v1.1.0
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
github.com/go-git/go-billy/v5 v5.8.0
github.com/go-git/go-git/v5 v5.17.1
github.com/go-ini/ini v1.67.0
github.com/go-ldap/ldap/v3 v3.4.12
github.com/go-sql-driver/mysql v1.9.3
github.com/go-viper/mapstructure/v2 v2.5.0
github.com/go-webauthn/webauthn v0.16.1
github.com/go-webauthn/x v0.2.2
github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b
github.com/gobwas/glob v0.2.3
github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
github.com/golang/geo v0.0.0-20210211234256-740aa86cb551
github.com/golang/snappy v0.0.4
github.com/google/btree v1.1.3
github.com/google/go-cmp v0.7.0
github.com/google/go-github/v81 v81.0.0
github.com/google/go-querystring v1.1.0
github.com/google/go-tpm v0.9.8
github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8
github.com/google/uuid v1.6.0
github.com/gorilla/css v1.0.1
github.com/gorilla/feeds v1.2.0
github.com/gorilla/mux v1.8.1
github.com/gorilla/securecookie v1.1.2
github.com/gorilla/sessions v1.4.0
github.com/hashicorp/go-cleanhttp v0.5.2
github.com/hashicorp/go-retryablehttp v0.7.8
github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/huandu/xstrings v1.5.0
github.com/inbucket/html2text v0.9.0
github.com/jackc/pgpassfile v1.0.0
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761
github.com/jackc/pgx/v5 v5.9.1
github.com/jackc/puddle/v2 v2.2.2
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99
github.com/jhillyerd/enmime/v2 v2.2.0
github.com/josharian/intern v1.0.0
github.com/json-iterator/go v1.1.12
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/klauspost/compress v1.18.4
github.com/klauspost/cpuid/v2 v2.2.11
github.com/klauspost/crc32 v1.3.0
github.com/klauspost/pgzip v1.2.6
github.com/lib/pq v1.11.2
github.com/libdns/libdns v1.0.0
github.com/mailru/easyjson v0.9.0
github.com/markbates/going v1.0.3
github.com/markbates/goth v1.82.0
github.com/mattn/go-colorable v0.1.14
github.com/mattn/go-isatty v0.0.20
github.com/mattn/go-runewidth v0.0.17
github.com/mattn/go-shellwords v1.0.12
github.com/mattn/go-sqlite3 v1.14.40
github.com/meilisearch/meilisearch-go v0.36.0
github.com/mholt/acmez/v3 v3.1.2
github.com/mholt/archives v0.1.5
github.com/microcosm-cc/bluemonday v1.0.27
github.com/miekg/dns v1.1.63
github.com/mikelolasagasti/xz v1.0.1
github.com/minio/crc64nvme v1.1.1
github.com/minio/md5-simd v1.1.2
github.com/minio/minio-go/v7 v7.0.99
github.com/minio/minlz v1.0.1
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.2
github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
github.com/niklasfasching/go-org v1.9.1
github.com/nwaples/rardecode/v2 v2.2.0
github.com/olekukonko/errors v1.1.0
github.com/olekukonko/ll v0.0.9
github.com/olekukonko/tablewriter v1.0.7
github.com/olivere/elastic/v7 v7.0.32
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/philhofer/fwd v1.2.0
github.com/pierrec/lz4/v4 v4.1.22
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
github.com/pquerna/otp v1.5.0
github.com/prometheus/client_golang v1.21.1
github.com/prometheus/client_model v0.6.1
github.com/prometheus/common v0.62.0
github.com/prometheus/procfs v0.15.1
github.com/redis/go-redis/v9 v9.17.3
github.com/rhysd/actionlint v1.7.10
github.com/rivo/uniseg v0.4.7
github.com/robfig/cron/v3 v3.0.1
github.com/rs/xid v1.6.0
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
github.com/sergi/go-diff v1.4.0
github.com/sirupsen/logrus v1.9.4
github.com/sorairolake/lzip-go v0.3.8
github.com/spf13/afero v1.15.0
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf
github.com/stretchr/objx v0.5.2
github.com/stretchr/testify v1.11.1
github.com/syndtr/goleveldb v1.0.0
github.com/tinylib/msgp v1.6.1
github.com/ulikunitz/xz v0.5.15
github.com/urfave/cli/v3 v3.7.0
github.com/valyala/fastjson v1.6.10
github.com/x448/float16 v0.8.4
github.com/yohcop/openid-go v1.0.1
github.com/yuin/goldmark v1.7.17
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
github.com/zeebo/blake3 v0.2.4
gitlab.com/gitlab-org/api/client-go v0.143.2
go.etcd.io/bbolt v1.4.3
go.uber.org/atomic v1.11.0
go.uber.org/multierr v1.11.0
go.uber.org/zap v1.27.0
go.uber.org/zap/exp v0.3.0
go.yaml.in/yaml/v3 v3.0.4
go.yaml.in/yaml/v4 v4.0.0-rc.3
go4.org v0.0.0-20230225012048-214862532bf5
golang.org/x/crypto v0.49.0
golang.org/x/image v0.38.0
golang.org/x/mod v0.33.0
golang.org/x/net v0.52.0
golang.org/x/oauth2 v0.36.0
golang.org/x/sync v0.20.0
golang.org/x/sys v0.42.0
golang.org/x/text v0.35.0
golang.org/x/time v0.15.0
google.golang.org/protobuf v1.36.11
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
gopkg.in/ini.v1 v1.67.0
gopkg.in/warnings.v0 v0.1.2
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
mvdan.cc/xurls/v2 v2.6.0
xorm.io/builder v0.3.13

bin/woodpecker-agent:

Name Version
go.woodpecker-ci.org/woodpecker/v3 v3.13.0
stdlib v1.25.5
al.essio.dev/pkg/shellescape v1.6.0
github.com/6543/logfile-open v1.2.1
github.com/cenkalti/backoff/v5 v5.0.3
github.com/containerd/errdefs v1.0.0
github.com/containerd/errdefs/pkg v0.3.0
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/reference v0.6.0
github.com/docker/cli v29.1.4+incompatible
github.com/docker/docker v28.5.2+incompatible
github.com/docker/docker-credential-helpers v0.8.0
github.com/docker/go-connections v0.6.0
github.com/docker/go-units v0.5.0
github.com/drone/envsubst v1.0.3
github.com/emicklei/go-restful/v3 v3.12.2
github.com/fatih/color v1.18.0
github.com/felixge/httpsnoop v1.0.4
github.com/fxamacker/cbor/v2 v2.9.0
github.com/go-logr/logr v1.4.3
github.com/go-logr/stdr v1.2.2
github.com/go-openapi/jsonpointer v0.21.0
github.com/go-openapi/jsonreference v0.21.0
github.com/go-openapi/swag v0.23.0
github.com/go-viper/mapstructure/v2 v2.5.0
github.com/google/gnostic-models v0.7.0
github.com/google/uuid v1.6.0
github.com/hashicorp/go-hclog v1.6.3
github.com/joho/godotenv v1.5.1
github.com/josharian/intern v1.0.0
github.com/json-iterator/go v1.1.12
github.com/mailru/easyjson v0.7.7
github.com/mattn/go-colorable v0.1.13
github.com/mattn/go-isatty v0.0.20
github.com/moby/docker-image-spec v1.3.1
github.com/moby/term v0.5.2
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
github.com/morikuni/aec v1.0.0
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
github.com/oklog/ulid/v2 v2.1.1
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.2
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
github.com/rs/zerolog v1.34.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/pflag v1.0.9
github.com/urfave/cli/v3 v3.6.1
github.com/x448/float16 v0.8.4
go.opentelemetry.io/auto/sdk v1.2.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0
go.opentelemetry.io/otel v1.38.0
go.opentelemetry.io/otel/metric v1.38.0
go.opentelemetry.io/otel/trace v1.38.0
go.yaml.in/yaml/v2 v2.4.3
go.yaml.in/yaml/v3 v3.0.4
golang.org/x/net v0.49.0
golang.org/x/oauth2 v0.34.0
golang.org/x/sync v0.19.0
golang.org/x/sys v0.40.0
golang.org/x/term v0.39.0
golang.org/x/text v0.33.0
golang.org/x/time v0.14.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda
google.golang.org/grpc v1.78.0
google.golang.org/protobuf v1.36.11
gopkg.in/evanphx/json-patch.v4 v4.13.0
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.35.0
k8s.io/apimachinery v0.35.0
k8s.io/client-go v0.35.0
k8s.io/klog/v2 v2.130.1
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/randfill v1.0.0
sigs.k8s.io/structured-merge-diff/v6 v6.3.0
sigs.k8s.io/yaml v1.6.0

bin/woodpecker-server:

Name Version
go.woodpecker-ci.org/woodpecker/v3 v3.13.0
stdlib v1.25.5
code.gitea.io/sdk/gitea v0.22.1
codeberg.org/6543/go-yaml2json v1.0.0
codeberg.org/6543/xyaml v1.1.0
codeberg.org/mvdkleijn/forgejo-sdk/forgejo/v2 v2.2.0
filippo.io/edwards25519 v1.1.0
github.com/42wim/httpsig v1.2.3
github.com/6543/logfile-open v1.2.1
github.com/KyleBanks/depth v1.2.1
github.com/beorn7/perks v1.0.1
github.com/bmatcuk/doublestar/v4 v4.9.2
github.com/cenkalti/backoff/v5 v5.0.3
github.com/cespare/xxhash/v2 v2.3.0
github.com/distribution/reference v0.6.0
github.com/docker/cli v29.1.4+incompatible
github.com/docker/docker-credential-helpers v0.8.0
github.com/docker/go-units v0.5.0
github.com/drone/envsubst v1.0.3
github.com/dunglas/httpsfv v1.0.2
github.com/expr-lang/expr v1.17.7
github.com/fatih/color v1.18.0
github.com/gabriel-vasile/mimetype v1.4.8
github.com/gdgvda/cron v0.6.0
github.com/gin-contrib/sse v1.1.0
github.com/gin-gonic/gin v1.11.0
github.com/go-fed/httpsig v1.1.0
github.com/go-openapi/jsonpointer v0.21.0
github.com/go-openapi/jsonreference v0.21.0
github.com/go-openapi/spec v0.21.0
github.com/go-openapi/swag v0.23.0
github.com/go-playground/locales v0.14.1
github.com/go-playground/universal-translator v0.18.1
github.com/go-playground/validator/v10 v10.27.0
github.com/go-sql-driver/mysql v1.9.3
github.com/goccy/go-yaml v1.18.0
github.com/golang-jwt/jwt/v5 v5.3.0
github.com/golang/protobuf v1.5.4
github.com/golang/snappy v0.0.4
github.com/google/go-github/v81 v81.0.0
github.com/google/go-querystring v1.2.0
github.com/hashicorp/go-cleanhttp v0.5.2
github.com/hashicorp/go-hclog v1.6.3
github.com/hashicorp/go-plugin v1.7.0
github.com/hashicorp/go-retryablehttp v0.7.8
github.com/hashicorp/go-version v1.7.0
github.com/hashicorp/yamux v0.1.2
github.com/jellydator/ttlcache/v3 v3.4.0
github.com/joho/godotenv v1.5.1
github.com/josharian/intern v1.0.0
github.com/leodido/go-urn v1.4.0
github.com/lestrrat-go/blackmagic v1.0.4
github.com/lestrrat-go/dsig v1.0.0
github.com/lestrrat-go/httpcc v1.0.1
github.com/lestrrat-go/httprc v1.0.6
github.com/lestrrat-go/httprc/v3 v3.0.1
github.com/lestrrat-go/iter v1.0.2
github.com/lestrrat-go/jwx/v2 v2.1.2
github.com/lestrrat-go/jwx/v3 v3.0.12
github.com/lestrrat-go/option v1.0.1
github.com/lestrrat-go/option/v2 v2.0.0
github.com/lib/pq v1.10.9
github.com/mailru/easyjson v0.7.7
github.com/mattn/go-colorable v0.1.13
github.com/mattn/go-isatty v0.0.20
github.com/mattn/go-sqlite3 v1.14.33
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
github.com/neticdk/go-bitbucket v1.0.5
github.com/oklog/run v1.1.0
github.com/oklog/ulid/v2 v2.1.1
github.com/opencontainers/go-digest v1.0.0
github.com/pelletier/go-toml/v2 v2.2.4
github.com/prometheus/client_golang v1.23.2
github.com/prometheus/client_model v0.6.2
github.com/prometheus/common v0.66.1
github.com/prometheus/procfs v0.16.1
github.com/quic-go/qpack v0.6.0
github.com/quic-go/quic-go v0.57.0
github.com/rs/zerolog v1.34.0
github.com/sirupsen/logrus v1.9.3
github.com/swaggo/files v1.0.1
github.com/swaggo/gin-swagger v1.6.1
github.com/swaggo/swag v1.16.6
github.com/syndtr/goleveldb v1.0.0
github.com/tink-crypto/tink-go/v2 v2.6.0
github.com/ugorji/go/codec v1.3.0
github.com/urfave/cli/v3 v3.6.1
github.com/valyala/fastjson v1.6.4
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
github.com/xeipuuv/gojsonschema v1.2.0
github.com/yaronf/httpsign v0.4.1
gitlab.com/gitlab-org/api/client-go v1.14.0
go.uber.org/multierr v1.11.0
go.yaml.in/yaml/v2 v2.4.3
golang.org/x/crypto v0.47.0
golang.org/x/mod v0.31.0
golang.org/x/net v0.49.0
golang.org/x/oauth2 v0.34.0
golang.org/x/sync v0.19.0
golang.org/x/sys v0.40.0
golang.org/x/term v0.39.0
golang.org/x/text v0.33.0
golang.org/x/time v0.14.0
golang.org/x/tools v0.40.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda
google.golang.org/grpc v1.78.0
google.golang.org/protobuf v1.36.11
gopkg.in/yaml.v3 v3.0.1
src.techknowlogick.com/xormigrate v1.7.1
xorm.io/builder v0.3.13
xorm.io/xorm v1.3.11

code.thinkaboutit.tech/pandora/forgejo:latest (alpine 3.23.4):

Name Version
alpine-baselayout 3.7.2-r0
alpine-baselayout-data 3.7.2-r0
alpine-keys 2.6-r0
alpine-release 3.23.4-r0
apk-tools 3.0.6-r0
bash 5.3.3-r1
brotli-libs 1.2.0-r0
busybox 1.37.0-r30
busybox-binsh 1.37.0-r30
c-ares 1.34.6-r0
ca-certificates 20260413-r0
ca-certificates-bundle 20260413-r0
curl 8.17.0-r1
dumb-init 1.2.5-r3
gdbm 1.26-r0
gettext 0.24.1-r1
gettext-envsubst 0.24.1-r1
gettext-libs 0.24.1-r1
git 2.52.0-r0
git-init-template 2.52.0-r0
gmp 6.3.0-r4
gnupg 2.4.9-r0
gnupg-dirmngr 2.4.9-r0
gnupg-gpgconf 2.4.9-r0
gnupg-keyboxd 2.4.9-r0
gnupg-utils 2.4.9-r0
gnupg-wks-client 2.4.9-r0
gnutls 3.8.12-r0
gpg 2.4.9-r0
gpg-agent 2.4.9-r0
gpg-wks-server 2.4.9-r0
gpgsm 2.4.9-r0
gpgv 2.4.9-r0
libapk 3.0.6-r0
libassuan 3.0.2-r0
libbz2 1.0.8-r6
libcrypto3 3.5.6-r0
libcurl 8.17.0-r1
libedit 20251016.3.1-r0
libexpat 2.7.5-r0
libffi 3.5.2-r0
libgcrypt 1.11.2-r0
libgomp 15.2.0-r2
libgpg-error 1.55-r0
libidn2 2.3.8-r0
libintl 0.24.1-r1
libksba 1.6.7-r0
libldap 2.6.10-r0
libncursesw 6.5_p20251123-r0
libpsl 0.21.5-r3
libsasl 2.1.28-r9
libssl3 3.5.6-r0
libtasn1 4.21.0-r0
libunistring 1.4.1-r0
libxml2 2.13.9-r0
musl 1.2.5-r23
musl-utils 1.2.5-r23
ncurses-terminfo-base 6.5_p20251123-r0
nettle 3.10.2-r0
nghttp2-libs 1.68.0-r0
nghttp3 1.13.1-r0
npth 1.8-r0
openssh-client-common 10.2_p1-r0
openssh-client-default 10.2_p1-r0
openssh-keygen 10.2_p1-r0
p11-kit 0.25.5-r2
pcre2 10.47-r0
pinentry 1.3.2-r0
readline 8.3.1-r0
scanelf 1.3.8-r2
sqlite-libs 3.51.2-r0
ssl_client 1.37.0-r30
xz-libs 5.8.2-r0
zlib 1.3.2-r0
zstd-libs 1.5.7-r2

usr/local/bin/environment-to-ini:

Name Version
stdlib v1.26.2
code.forgejo.org/xorm/xorm v1.3.9-forgejo.10
forgejo.org
github.com/42wim/httpsig v1.2.3
github.com/caddyserver/certmagic v0.24.0
github.com/caddyserver/zerossl v0.1.3
github.com/dustin/go-humanize v1.0.1
github.com/gobwas/glob v0.2.3
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/golang/snappy v0.0.4
github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8
github.com/json-iterator/go v1.1.12
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/klauspost/cpuid/v2 v2.2.11
github.com/libdns/libdns v1.0.0
github.com/mattn/go-isatty v0.0.20
github.com/mholt/acmez/v3 v3.1.2
github.com/miekg/dns v1.1.63
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.2
github.com/syndtr/goleveldb v1.0.0
github.com/urfave/cli/v3 v3.7.0
github.com/zeebo/blake3 v0.2.4
go.uber.org/multierr v1.11.0
go.uber.org/zap v1.27.0
go.uber.org/zap/exp v0.3.0
go.yaml.in/yaml/v3 v3.0.4
golang.org/x/crypto v0.49.0
golang.org/x/net v0.52.0
golang.org/x/sys v0.42.0
golang.org/x/text v0.35.0
gopkg.in/ini.v1 v1.67.0
xorm.io/builder v0.3.13
Vulnerabilities

bin/woodpecker-agent:

Package Name Severity Installed version Fixed Version Status Link
github.com/docker/cli HIGH v29.1.4+incompatible 29.2.0 fixed CVE-2025-15558
github.com/docker/docker HIGH v28.5.2+incompatible 29.3.1 fixed CVE-2026-34040
github.com/docker/docker MEDIUM v28.5.2+incompatible 29.3.1 fixed CVE-2026-33997
stdlib HIGH v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61726
stdlib HIGH v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61728
stdlib HIGH v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-25679
stdlib HIGH v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32280
stdlib HIGH v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32282
stdlib MEDIUM v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61730
stdlib MEDIUM v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-27142
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32281
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32288
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32289
stdlib LOW v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-27139
stdlib UNKNOWN v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32283

bin/woodpecker-server:

Package Name Severity Installed version Fixed Version Status Link
filippo.io/edwards25519 LOW v1.1.0 1.1.1 fixed CVE-2026-26958
github.com/docker/cli HIGH v29.1.4+incompatible 29.2.0 fixed CVE-2025-15558
stdlib HIGH v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61726
stdlib HIGH v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61728
stdlib HIGH v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-25679
stdlib HIGH v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32280
stdlib HIGH v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32282
stdlib MEDIUM v1.25.5 1.24.12, 1.25.6 fixed CVE-2025-61730
stdlib MEDIUM v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-27142
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32281
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32288
stdlib MEDIUM v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32289
stdlib LOW v1.25.5 1.25.8, 1.26.1 fixed CVE-2026-27139
stdlib UNKNOWN v1.25.5 1.25.9, 1.26.2 fixed CVE-2026-32283
This issue list updates about vulnerabilites that are detected by [trivy.woodpecker](https://code.thinkaboutit.tech/pandora/trivy.woodpecker) plugin. ## Summary | Severity | Count | | -------- | ----- | | CRITICAL | 0 | | HIGH | 13 | | MEDIUM | 11 | | LOW | 3 | | UNKNOWN | 2 | ## Detected packages and vulnerabilites <details><summary>Packages</summary> **app/gitea/gitea**: | Name | Version | | ---- | ------- | | forgejo.org | 15.0.0+gitea-1.22.0 | | stdlib | v1.26.2 | | cloud.google.com/go/compute/metadata | v0.6.0 | | code.forgejo.org/f3/gof3/v3 | v3.11.15 | | code.forgejo.org/forgejo-contrib/go-libravatar | v0.0.0-20260301104140-add494e31dab | | code.forgejo.org/forgejo/actions-proto | v0.7.0 | | code.forgejo.org/forgejo/go-rpmutils | v1.0.0 | | code.forgejo.org/forgejo/go-xsd-duration | v0.0.0-20220703122237-02e73435a078 | | code.forgejo.org/forgejo/levelqueue | v1.0.0 | | code.forgejo.org/forgejo/reply | v1.0.2 | | code.forgejo.org/forgejo/runner/v12 | v12.8.0 | | code.forgejo.org/forgejo/ssh | v0.0.0-20241211213324-5fc306ca0616 | | code.forgejo.org/go-chi/binding | v1.0.1 | | code.forgejo.org/go-chi/cache | v1.0.1 | | code.forgejo.org/go-chi/captcha | v1.0.2 | | code.forgejo.org/go-chi/session | v1.0.3 | | code.forgejo.org/xorm/xorm | v1.3.9-forgejo.10 | | code.gitea.io/sdk/gitea | v0.21.0 | | code.superseriousbusiness.org/exif-terminator | v0.11.1 | | code.superseriousbusiness.org/go-jpeg-image-structure/v2 | v2.3.0 | | code.superseriousbusiness.org/go-png-image-structure/v2 | v2.3.0 | | codeberg.org/gusted/mcaptcha | v0.0.0-20220723083913-4f3072e1d570 | | connectrpc.com/connect | v1.19.1 | | filippo.io/edwards25519 | v1.1.1 | | github.com/42wim/httpsig | v1.2.3 | | github.com/42wim/sshsig | v0.0.0-20250502153856-5100632e8920 | | github.com/6543/go-version | v1.3.1 | | github.com/Azure/go-ntlmssp | v0.0.0-20221128193559-754e69321358 | | github.com/ProtonMail/go-crypto | v1.4.1 | | github.com/RoaringBitmap/roaring/v2 | v2.4.5 | | github.com/STARRY-S/zip | v0.2.3 | | github.com/SaveTheRbtz/zstd-seekable-format-go/pkg | v0.8.0 | | github.com/alecthomas/chroma/v2 | v2.23.1 | | github.com/andybalholm/brotli | v1.2.0 | | github.com/anmitsu/go-shlex | v0.0.0-20200514113438-38f4b401e2be | | github.com/aymerick/douceur | v0.2.0 | | github.com/beorn7/perks | v1.0.1 | | github.com/bits-and-blooms/bitset | v1.22.0 | | github.com/blakesmith/ar | v0.0.0-20190502131153-809d4375e1fb | | github.com/blevesearch/bleve/v2 | v2.5.7 | | github.com/blevesearch/bleve_index_api | v1.2.11 | | github.com/blevesearch/geo | v0.2.4 | | github.com/blevesearch/go-porterstemmer | v1.0.3 | | github.com/blevesearch/gtreap | v0.1.1 | | github.com/blevesearch/mmap-go | v1.0.4 | | github.com/blevesearch/scorch_segment_api/v2 | v2.3.13 | | github.com/blevesearch/segment | v0.9.1 | | github.com/blevesearch/snowballstem | v0.9.0 | | github.com/blevesearch/upsidedown_store_api | v1.0.2 | | github.com/blevesearch/vellum | v1.1.0 | | github.com/blevesearch/zapx/v11 | v11.4.2 | | github.com/blevesearch/zapx/v12 | v12.4.2 | | github.com/blevesearch/zapx/v13 | v13.4.2 | | github.com/blevesearch/zapx/v14 | v14.4.2 | | github.com/blevesearch/zapx/v15 | v15.4.2 | | github.com/blevesearch/zapx/v16 | v16.2.8 | | github.com/bmatcuk/doublestar/v4 | v4.9.1 | | github.com/bodgit/plumbing | v1.3.0 | | github.com/bodgit/sevenzip | v1.6.1 | | github.com/bodgit/windows | v1.0.1 | | github.com/boombuler/barcode | v1.0.1 | | github.com/bradfitz/gomemcache | v0.0.0-20250403215159-8d39553ac7cf | | github.com/buildkite/terminal-to-html/v3 | v3.16.8 | | github.com/caddyserver/certmagic | v0.24.0 | | github.com/caddyserver/zerossl | v0.1.3 | | github.com/cention-sany/utf7 | v0.0.0-20170124080048-26cad61bd60a | | github.com/cespare/xxhash/v2 | v2.3.0 | | github.com/chi-middleware/proxy | v1.1.1 | | github.com/cloudflare/circl | v1.6.3 | | github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | | github.com/dgryski/go-rendezvous | v0.0.0-20200823014737-9f7001d12a5f | | github.com/djherbis/buffer | v1.2.0 | | github.com/djherbis/nio/v3 | v3.0.1 | | github.com/dlclark/regexp2 | v1.11.5 | | github.com/dsnet/compress | v0.0.2-0.20230904184137-39efe44ab707 | | github.com/dsoprea/go-exif/v3 | v3.0.1 | | github.com/dsoprea/go-iptc | v0.0.0-20200609062250-162ae6b44feb | | github.com/dsoprea/go-logging | v0.0.0-20200710184922-b02d349568dd | | github.com/dsoprea/go-photoshop-info-format | v0.0.0-20200609050348-3db9b63b202c | | github.com/dsoprea/go-utility/v2 | v2.0.0-20221003172846-a3e1774ef349 | | github.com/dustin/go-humanize | v1.0.1 | | github.com/editorconfig/editorconfig-core-go/v2 | v2.6.4 | | github.com/emersion/go-imap | v1.2.1 | | github.com/emersion/go-sasl | v0.0.0-20231106173351-e73c9f7bad43 | | github.com/fatih/color | v1.18.0 | | github.com/felixge/fgprof | v0.9.5 | | github.com/fsnotify/fsnotify | v1.9.0 | | github.com/fxamacker/cbor/v2 | v2.9.0 | | github.com/go-ap/activitypub | v0.0.0-20231114162308-e219254dc5c9 | | github.com/go-ap/errors | v0.0.0-20231003111023-183eef4b31b7 | | github.com/go-ap/jsonld | v0.0.0-20251216162253-e38fa664ea77 | | github.com/go-asn1-ber/asn1-ber | v1.5.8-0.20250403174932-29230038a667 | | github.com/go-chi/chi/v5 | v5.2.5 | | github.com/go-chi/cors | v1.2.2 | | github.com/go-co-op/gocron | v1.37.0 | | github.com/go-enry/go-enry/v2 | v2.9.5 | | github.com/go-errors/errors | v1.4.2 | | github.com/go-fed/httpsig | v1.1.0 | | github.com/go-git/gcfg | v1.5.1-0.20230307220236-3a3c6141e376 | | github.com/go-git/go-billy/v5 | v5.8.0 | | github.com/go-git/go-git/v5 | v5.17.1 | | github.com/go-ini/ini | v1.67.0 | | github.com/go-ldap/ldap/v3 | v3.4.12 | | github.com/go-sql-driver/mysql | v1.9.3 | | github.com/go-viper/mapstructure/v2 | v2.5.0 | | github.com/go-webauthn/webauthn | v0.16.1 | | github.com/go-webauthn/x | v0.2.2 | | github.com/go-xmlfmt/xmlfmt | v0.0.0-20191208150333-d5b6f63a941b | | github.com/gobwas/glob | v0.2.3 | | github.com/gogs/chardet | v0.0.0-20211120154057-b7413eaefb8f | | github.com/gogs/go-gogs-client | v0.0.0-20210131175652-1d7215cd8d85 | | github.com/golang-jwt/jwt/v5 | v5.3.1 | | github.com/golang/freetype | v0.0.0-20170609003504-e2365dfdc4a0 | | github.com/golang/geo | v0.0.0-20210211234256-740aa86cb551 | | github.com/golang/snappy | v0.0.4 | | github.com/google/btree | v1.1.3 | | github.com/google/go-cmp | v0.7.0 | | github.com/google/go-github/v81 | v81.0.0 | | github.com/google/go-querystring | v1.1.0 | | github.com/google/go-tpm | v0.9.8 | | github.com/google/pprof | v0.0.0-20251114195745-4902fdda35c8 | | github.com/google/uuid | v1.6.0 | | github.com/gorilla/css | v1.0.1 | | github.com/gorilla/feeds | v1.2.0 | | github.com/gorilla/mux | v1.8.1 | | github.com/gorilla/securecookie | v1.1.2 | | github.com/gorilla/sessions | v1.4.0 | | github.com/hashicorp/go-cleanhttp | v0.5.2 | | github.com/hashicorp/go-retryablehttp | v0.7.8 | | github.com/hashicorp/golang-lru/v2 | v2.0.7 | | github.com/huandu/xstrings | v1.5.0 | | github.com/inbucket/html2text | v0.9.0 | | github.com/jackc/pgpassfile | v1.0.0 | | github.com/jackc/pgservicefile | v0.0.0-20240606120523-5a60cdf6a761 | | github.com/jackc/pgx/v5 | v5.9.1 | | github.com/jackc/puddle/v2 | v2.2.2 | | github.com/jbenet/go-context | v0.0.0-20150711004518-d14ea06fba99 | | github.com/jhillyerd/enmime/v2 | v2.2.0 | | github.com/josharian/intern | v1.0.0 | | github.com/json-iterator/go | v1.1.12 | | github.com/kballard/go-shellquote | v0.0.0-20180428030007-95032a82bc51 | | github.com/klauspost/compress | v1.18.4 | | github.com/klauspost/cpuid/v2 | v2.2.11 | | github.com/klauspost/crc32 | v1.3.0 | | github.com/klauspost/pgzip | v1.2.6 | | github.com/lib/pq | v1.11.2 | | github.com/libdns/libdns | v1.0.0 | | github.com/mailru/easyjson | v0.9.0 | | github.com/markbates/going | v1.0.3 | | github.com/markbates/goth | v1.82.0 | | github.com/mattn/go-colorable | v0.1.14 | | github.com/mattn/go-isatty | v0.0.20 | | github.com/mattn/go-runewidth | v0.0.17 | | github.com/mattn/go-shellwords | v1.0.12 | | github.com/mattn/go-sqlite3 | v1.14.40 | | github.com/meilisearch/meilisearch-go | v0.36.0 | | github.com/mholt/acmez/v3 | v3.1.2 | | github.com/mholt/archives | v0.1.5 | | github.com/microcosm-cc/bluemonday | v1.0.27 | | github.com/miekg/dns | v1.1.63 | | github.com/mikelolasagasti/xz | v1.0.1 | | github.com/minio/crc64nvme | v1.1.1 | | github.com/minio/md5-simd | v1.1.2 | | github.com/minio/minio-go/v7 | v7.0.99 | | github.com/minio/minlz | v1.0.1 | | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | | github.com/modern-go/reflect2 | v1.0.2 | | github.com/mrjones/oauth | v0.0.0-20190623134757-126b35219450 | | github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | | github.com/niklasfasching/go-org | v1.9.1 | | github.com/nwaples/rardecode/v2 | v2.2.0 | | github.com/olekukonko/errors | v1.1.0 | | github.com/olekukonko/ll | v0.0.9 | | github.com/olekukonko/tablewriter | v1.0.7 | | github.com/olivere/elastic/v7 | v7.0.32 | | github.com/opencontainers/go-digest | v1.0.0 | | github.com/opencontainers/image-spec | v1.1.1 | | github.com/philhofer/fwd | v1.2.0 | | github.com/pierrec/lz4/v4 | v4.1.22 | | github.com/pkg/errors | v0.9.1 | | github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | | github.com/pquerna/otp | v1.5.0 | | github.com/prometheus/client_golang | v1.21.1 | | github.com/prometheus/client_model | v0.6.1 | | github.com/prometheus/common | v0.62.0 | | github.com/prometheus/procfs | v0.15.1 | | github.com/redis/go-redis/v9 | v9.17.3 | | github.com/rhysd/actionlint | v1.7.10 | | github.com/rivo/uniseg | v0.4.7 | | github.com/robfig/cron/v3 | v3.0.1 | | github.com/rs/xid | v1.6.0 | | github.com/santhosh-tekuri/jsonschema/v6 | v6.0.2 | | github.com/sergi/go-diff | v1.4.0 | | github.com/sirupsen/logrus | v1.9.4 | | github.com/sorairolake/lzip-go | v0.3.8 | | github.com/spf13/afero | v1.15.0 | | github.com/ssor/bom | v0.0.0-20170718123548-6386211fdfcf | | github.com/stretchr/objx | v0.5.2 | | github.com/stretchr/testify | v1.11.1 | | github.com/syndtr/goleveldb | v1.0.0 | | github.com/tinylib/msgp | v1.6.1 | | github.com/ulikunitz/xz | v0.5.15 | | github.com/urfave/cli/v3 | v3.7.0 | | github.com/valyala/fastjson | v1.6.10 | | github.com/x448/float16 | v0.8.4 | | github.com/yohcop/openid-go | v1.0.1 | | github.com/yuin/goldmark | v1.7.17 | | github.com/yuin/goldmark-highlighting/v2 | v2.0.0-20230729083705-37449abec8cc | | github.com/zeebo/blake3 | v0.2.4 | | gitlab.com/gitlab-org/api/client-go | v0.143.2 | | go.etcd.io/bbolt | v1.4.3 | | go.uber.org/atomic | v1.11.0 | | go.uber.org/multierr | v1.11.0 | | go.uber.org/zap | v1.27.0 | | go.uber.org/zap/exp | v0.3.0 | | go.yaml.in/yaml/v3 | v3.0.4 | | go.yaml.in/yaml/v4 | v4.0.0-rc.3 | | go4.org | v0.0.0-20230225012048-214862532bf5 | | golang.org/x/crypto | v0.49.0 | | golang.org/x/image | v0.38.0 | | golang.org/x/mod | v0.33.0 | | golang.org/x/net | v0.52.0 | | golang.org/x/oauth2 | v0.36.0 | | golang.org/x/sync | v0.20.0 | | golang.org/x/sys | v0.42.0 | | golang.org/x/text | v0.35.0 | | golang.org/x/time | v0.15.0 | | google.golang.org/protobuf | v1.36.11 | | gopkg.in/gomail.v2 | v2.0.0-20160411212932-81ebce5c23df | | gopkg.in/ini.v1 | v1.67.0 | | gopkg.in/warnings.v0 | v0.1.2 | | gopkg.in/yaml.v2 | v2.4.0 | | gopkg.in/yaml.v3 | v3.0.1 | | mvdan.cc/xurls/v2 | v2.6.0 | | xorm.io/builder | v0.3.13 | **bin/woodpecker-agent**: | Name | Version | | ---- | ------- | | go.woodpecker-ci.org/woodpecker/v3 | v3.13.0 | | stdlib | v1.25.5 | | al.essio.dev/pkg/shellescape | v1.6.0 | | github.com/6543/logfile-open | v1.2.1 | | github.com/cenkalti/backoff/v5 | v5.0.3 | | github.com/containerd/errdefs | v1.0.0 | | github.com/containerd/errdefs/pkg | v0.3.0 | | github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | | github.com/distribution/reference | v0.6.0 | | github.com/docker/cli | v29.1.4+incompatible | | github.com/docker/docker | v28.5.2+incompatible | | github.com/docker/docker-credential-helpers | v0.8.0 | | github.com/docker/go-connections | v0.6.0 | | github.com/docker/go-units | v0.5.0 | | github.com/drone/envsubst | v1.0.3 | | github.com/emicklei/go-restful/v3 | v3.12.2 | | github.com/fatih/color | v1.18.0 | | github.com/felixge/httpsnoop | v1.0.4 | | github.com/fxamacker/cbor/v2 | v2.9.0 | | github.com/go-logr/logr | v1.4.3 | | github.com/go-logr/stdr | v1.2.2 | | github.com/go-openapi/jsonpointer | v0.21.0 | | github.com/go-openapi/jsonreference | v0.21.0 | | github.com/go-openapi/swag | v0.23.0 | | github.com/go-viper/mapstructure/v2 | v2.5.0 | | github.com/google/gnostic-models | v0.7.0 | | github.com/google/uuid | v1.6.0 | | github.com/hashicorp/go-hclog | v1.6.3 | | github.com/joho/godotenv | v1.5.1 | | github.com/josharian/intern | v1.0.0 | | github.com/json-iterator/go | v1.1.12 | | github.com/mailru/easyjson | v0.7.7 | | github.com/mattn/go-colorable | v0.1.13 | | github.com/mattn/go-isatty | v0.0.20 | | github.com/moby/docker-image-spec | v1.3.1 | | github.com/moby/term | v0.5.2 | | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | | github.com/modern-go/reflect2 | v1.0.3-0.20250322232337-35a7c28c31ee | | github.com/morikuni/aec | v1.0.0 | | github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | | github.com/oklog/ulid/v2 | v2.1.1 | | github.com/opencontainers/go-digest | v1.0.0 | | github.com/opencontainers/image-spec | v1.0.2 | | github.com/pkg/errors | v0.9.1 | | github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | | github.com/rs/zerolog | v1.34.0 | | github.com/sirupsen/logrus | v1.9.3 | | github.com/spf13/pflag | v1.0.9 | | github.com/urfave/cli/v3 | v3.6.1 | | github.com/x448/float16 | v0.8.4 | | go.opentelemetry.io/auto/sdk | v1.2.1 | | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.54.0 | | go.opentelemetry.io/otel | v1.38.0 | | go.opentelemetry.io/otel/metric | v1.38.0 | | go.opentelemetry.io/otel/trace | v1.38.0 | | go.yaml.in/yaml/v2 | v2.4.3 | | go.yaml.in/yaml/v3 | v3.0.4 | | golang.org/x/net | v0.49.0 | | golang.org/x/oauth2 | v0.34.0 | | golang.org/x/sync | v0.19.0 | | golang.org/x/sys | v0.40.0 | | golang.org/x/term | v0.39.0 | | golang.org/x/text | v0.33.0 | | golang.org/x/time | v0.14.0 | | google.golang.org/genproto/googleapis/rpc | v0.0.0-20251029180050-ab9386a59fda | | google.golang.org/grpc | v1.78.0 | | google.golang.org/protobuf | v1.36.11 | | gopkg.in/evanphx/json-patch.v4 | v4.13.0 | | gopkg.in/inf.v0 | v0.9.1 | | gopkg.in/yaml.v3 | v3.0.1 | | k8s.io/api | v0.35.0 | | k8s.io/apimachinery | v0.35.0 | | k8s.io/client-go | v0.35.0 | | k8s.io/klog/v2 | v2.130.1 | | k8s.io/kube-openapi | v0.0.0-20250910181357-589584f1c912 | | k8s.io/utils | v0.0.0-20251002143259-bc988d571ff4 | | sigs.k8s.io/json | v0.0.0-20250730193827-2d320260d730 | | sigs.k8s.io/randfill | v1.0.0 | | sigs.k8s.io/structured-merge-diff/v6 | v6.3.0 | | sigs.k8s.io/yaml | v1.6.0 | **bin/woodpecker-server**: | Name | Version | | ---- | ------- | | go.woodpecker-ci.org/woodpecker/v3 | v3.13.0 | | stdlib | v1.25.5 | | code.gitea.io/sdk/gitea | v0.22.1 | | codeberg.org/6543/go-yaml2json | v1.0.0 | | codeberg.org/6543/xyaml | v1.1.0 | | codeberg.org/mvdkleijn/forgejo-sdk/forgejo/v2 | v2.2.0 | | filippo.io/edwards25519 | v1.1.0 | | github.com/42wim/httpsig | v1.2.3 | | github.com/6543/logfile-open | v1.2.1 | | github.com/KyleBanks/depth | v1.2.1 | | github.com/beorn7/perks | v1.0.1 | | github.com/bmatcuk/doublestar/v4 | v4.9.2 | | github.com/cenkalti/backoff/v5 | v5.0.3 | | github.com/cespare/xxhash/v2 | v2.3.0 | | github.com/distribution/reference | v0.6.0 | | github.com/docker/cli | v29.1.4+incompatible | | github.com/docker/docker-credential-helpers | v0.8.0 | | github.com/docker/go-units | v0.5.0 | | github.com/drone/envsubst | v1.0.3 | | github.com/dunglas/httpsfv | v1.0.2 | | github.com/expr-lang/expr | v1.17.7 | | github.com/fatih/color | v1.18.0 | | github.com/gabriel-vasile/mimetype | v1.4.8 | | github.com/gdgvda/cron | v0.6.0 | | github.com/gin-contrib/sse | v1.1.0 | | github.com/gin-gonic/gin | v1.11.0 | | github.com/go-fed/httpsig | v1.1.0 | | github.com/go-openapi/jsonpointer | v0.21.0 | | github.com/go-openapi/jsonreference | v0.21.0 | | github.com/go-openapi/spec | v0.21.0 | | github.com/go-openapi/swag | v0.23.0 | | github.com/go-playground/locales | v0.14.1 | | github.com/go-playground/universal-translator | v0.18.1 | | github.com/go-playground/validator/v10 | v10.27.0 | | github.com/go-sql-driver/mysql | v1.9.3 | | github.com/goccy/go-yaml | v1.18.0 | | github.com/golang-jwt/jwt/v5 | v5.3.0 | | github.com/golang/protobuf | v1.5.4 | | github.com/golang/snappy | v0.0.4 | | github.com/google/go-github/v81 | v81.0.0 | | github.com/google/go-querystring | v1.2.0 | | github.com/hashicorp/go-cleanhttp | v0.5.2 | | github.com/hashicorp/go-hclog | v1.6.3 | | github.com/hashicorp/go-plugin | v1.7.0 | | github.com/hashicorp/go-retryablehttp | v0.7.8 | | github.com/hashicorp/go-version | v1.7.0 | | github.com/hashicorp/yamux | v0.1.2 | | github.com/jellydator/ttlcache/v3 | v3.4.0 | | github.com/joho/godotenv | v1.5.1 | | github.com/josharian/intern | v1.0.0 | | github.com/leodido/go-urn | v1.4.0 | | github.com/lestrrat-go/blackmagic | v1.0.4 | | github.com/lestrrat-go/dsig | v1.0.0 | | github.com/lestrrat-go/httpcc | v1.0.1 | | github.com/lestrrat-go/httprc | v1.0.6 | | github.com/lestrrat-go/httprc/v3 | v3.0.1 | | github.com/lestrrat-go/iter | v1.0.2 | | github.com/lestrrat-go/jwx/v2 | v2.1.2 | | github.com/lestrrat-go/jwx/v3 | v3.0.12 | | github.com/lestrrat-go/option | v1.0.1 | | github.com/lestrrat-go/option/v2 | v2.0.0 | | github.com/lib/pq | v1.10.9 | | github.com/mailru/easyjson | v0.7.7 | | github.com/mattn/go-colorable | v0.1.13 | | github.com/mattn/go-isatty | v0.0.20 | | github.com/mattn/go-sqlite3 | v1.14.33 | | github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | | github.com/neticdk/go-bitbucket | v1.0.5 | | github.com/oklog/run | v1.1.0 | | github.com/oklog/ulid/v2 | v2.1.1 | | github.com/opencontainers/go-digest | v1.0.0 | | github.com/pelletier/go-toml/v2 | v2.2.4 | | github.com/prometheus/client_golang | v1.23.2 | | github.com/prometheus/client_model | v0.6.2 | | github.com/prometheus/common | v0.66.1 | | github.com/prometheus/procfs | v0.16.1 | | github.com/quic-go/qpack | v0.6.0 | | github.com/quic-go/quic-go | v0.57.0 | | github.com/rs/zerolog | v1.34.0 | | github.com/sirupsen/logrus | v1.9.3 | | github.com/swaggo/files | v1.0.1 | | github.com/swaggo/gin-swagger | v1.6.1 | | github.com/swaggo/swag | v1.16.6 | | github.com/syndtr/goleveldb | v1.0.0 | | github.com/tink-crypto/tink-go/v2 | v2.6.0 | | github.com/ugorji/go/codec | v1.3.0 | | github.com/urfave/cli/v3 | v3.6.1 | | github.com/valyala/fastjson | v1.6.4 | | github.com/xeipuuv/gojsonpointer | v0.0.0-20190905194746-02993c407bfb | | github.com/xeipuuv/gojsonreference | v0.0.0-20180127040603-bd5ef7bd5415 | | github.com/xeipuuv/gojsonschema | v1.2.0 | | github.com/yaronf/httpsign | v0.4.1 | | gitlab.com/gitlab-org/api/client-go | v1.14.0 | | go.uber.org/multierr | v1.11.0 | | go.yaml.in/yaml/v2 | v2.4.3 | | golang.org/x/crypto | v0.47.0 | | golang.org/x/mod | v0.31.0 | | golang.org/x/net | v0.49.0 | | golang.org/x/oauth2 | v0.34.0 | | golang.org/x/sync | v0.19.0 | | golang.org/x/sys | v0.40.0 | | golang.org/x/term | v0.39.0 | | golang.org/x/text | v0.33.0 | | golang.org/x/time | v0.14.0 | | golang.org/x/tools | v0.40.0 | | google.golang.org/genproto/googleapis/rpc | v0.0.0-20251029180050-ab9386a59fda | | google.golang.org/grpc | v1.78.0 | | google.golang.org/protobuf | v1.36.11 | | gopkg.in/yaml.v3 | v3.0.1 | | src.techknowlogick.com/xormigrate | v1.7.1 | | xorm.io/builder | v0.3.13 | | xorm.io/xorm | v1.3.11 | **code.thinkaboutit.tech/pandora/forgejo:latest (alpine 3.23.4)**: | Name | Version | | ---- | ------- | | alpine-baselayout | 3.7.2-r0 | | alpine-baselayout-data | 3.7.2-r0 | | alpine-keys | 2.6-r0 | | alpine-release | 3.23.4-r0 | | apk-tools | 3.0.6-r0 | | bash | 5.3.3-r1 | | brotli-libs | 1.2.0-r0 | | busybox | 1.37.0-r30 | | busybox-binsh | 1.37.0-r30 | | c-ares | 1.34.6-r0 | | ca-certificates | 20260413-r0 | | ca-certificates-bundle | 20260413-r0 | | curl | 8.17.0-r1 | | dumb-init | 1.2.5-r3 | | gdbm | 1.26-r0 | | gettext | 0.24.1-r1 | | gettext-envsubst | 0.24.1-r1 | | gettext-libs | 0.24.1-r1 | | git | 2.52.0-r0 | | git-init-template | 2.52.0-r0 | | gmp | 6.3.0-r4 | | gnupg | 2.4.9-r0 | | gnupg-dirmngr | 2.4.9-r0 | | gnupg-gpgconf | 2.4.9-r0 | | gnupg-keyboxd | 2.4.9-r0 | | gnupg-utils | 2.4.9-r0 | | gnupg-wks-client | 2.4.9-r0 | | gnutls | 3.8.12-r0 | | gpg | 2.4.9-r0 | | gpg-agent | 2.4.9-r0 | | gpg-wks-server | 2.4.9-r0 | | gpgsm | 2.4.9-r0 | | gpgv | 2.4.9-r0 | | libapk | 3.0.6-r0 | | libassuan | 3.0.2-r0 | | libbz2 | 1.0.8-r6 | | libcrypto3 | 3.5.6-r0 | | libcurl | 8.17.0-r1 | | libedit | 20251016.3.1-r0 | | libexpat | 2.7.5-r0 | | libffi | 3.5.2-r0 | | libgcrypt | 1.11.2-r0 | | libgomp | 15.2.0-r2 | | libgpg-error | 1.55-r0 | | libidn2 | 2.3.8-r0 | | libintl | 0.24.1-r1 | | libksba | 1.6.7-r0 | | libldap | 2.6.10-r0 | | libncursesw | 6.5_p20251123-r0 | | libpsl | 0.21.5-r3 | | libsasl | 2.1.28-r9 | | libssl3 | 3.5.6-r0 | | libtasn1 | 4.21.0-r0 | | libunistring | 1.4.1-r0 | | libxml2 | 2.13.9-r0 | | musl | 1.2.5-r23 | | musl-utils | 1.2.5-r23 | | ncurses-terminfo-base | 6.5_p20251123-r0 | | nettle | 3.10.2-r0 | | nghttp2-libs | 1.68.0-r0 | | nghttp3 | 1.13.1-r0 | | npth | 1.8-r0 | | openssh-client-common | 10.2_p1-r0 | | openssh-client-default | 10.2_p1-r0 | | openssh-keygen | 10.2_p1-r0 | | p11-kit | 0.25.5-r2 | | pcre2 | 10.47-r0 | | pinentry | 1.3.2-r0 | | readline | 8.3.1-r0 | | scanelf | 1.3.8-r2 | | sqlite-libs | 3.51.2-r0 | | ssl_client | 1.37.0-r30 | | xz-libs | 5.8.2-r0 | | zlib | 1.3.2-r0 | | zstd-libs | 1.5.7-r2 | **usr/local/bin/environment-to-ini**: | Name | Version | | ---- | ------- | | stdlib | v1.26.2 | | code.forgejo.org/xorm/xorm | v1.3.9-forgejo.10 | | forgejo.org | | | github.com/42wim/httpsig | v1.2.3 | | github.com/caddyserver/certmagic | v0.24.0 | | github.com/caddyserver/zerossl | v0.1.3 | | github.com/dustin/go-humanize | v1.0.1 | | github.com/gobwas/glob | v0.2.3 | | github.com/golang-jwt/jwt/v5 | v5.3.1 | | github.com/golang/snappy | v0.0.4 | | github.com/google/pprof | v0.0.0-20251114195745-4902fdda35c8 | | github.com/json-iterator/go | v1.1.12 | | github.com/kballard/go-shellquote | v0.0.0-20180428030007-95032a82bc51 | | github.com/klauspost/cpuid/v2 | v2.2.11 | | github.com/libdns/libdns | v1.0.0 | | github.com/mattn/go-isatty | v0.0.20 | | github.com/mholt/acmez/v3 | v3.1.2 | | github.com/miekg/dns | v1.1.63 | | github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | | github.com/modern-go/reflect2 | v1.0.2 | | github.com/syndtr/goleveldb | v1.0.0 | | github.com/urfave/cli/v3 | v3.7.0 | | github.com/zeebo/blake3 | v0.2.4 | | go.uber.org/multierr | v1.11.0 | | go.uber.org/zap | v1.27.0 | | go.uber.org/zap/exp | v0.3.0 | | go.yaml.in/yaml/v3 | v3.0.4 | | golang.org/x/crypto | v0.49.0 | | golang.org/x/net | v0.52.0 | | golang.org/x/sys | v0.42.0 | | golang.org/x/text | v0.35.0 | | gopkg.in/ini.v1 | v1.67.0 | | xorm.io/builder | v0.3.13 | </details> <details><summary>Vulnerabilities</summary> **bin/woodpecker-agent**: | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | github.com/docker/cli | HIGH | v29.1.4+incompatible | 29.2.0 | fixed | [CVE-2025-15558](https://avd.aquasec.com/nvd/cve-2025-15558) | | github.com/docker/docker | HIGH | v28.5.2+incompatible | 29.3.1 | fixed | [CVE-2026-34040](https://avd.aquasec.com/nvd/cve-2026-34040) | | github.com/docker/docker | MEDIUM | v28.5.2+incompatible | 29.3.1 | fixed | [CVE-2026-33997](https://avd.aquasec.com/nvd/cve-2026-33997) | | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61726](https://avd.aquasec.com/nvd/cve-2025-61726) | | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61728](https://avd.aquasec.com/nvd/cve-2025-61728) | | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-25679](https://avd.aquasec.com/nvd/cve-2026-25679) | | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32280](https://avd.aquasec.com/nvd/cve-2026-32280) | | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32282](https://avd.aquasec.com/nvd/cve-2026-32282) | | stdlib | MEDIUM | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61730](https://avd.aquasec.com/nvd/cve-2025-61730) | | stdlib | MEDIUM | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-27142](https://avd.aquasec.com/nvd/cve-2026-27142) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32281](https://avd.aquasec.com/nvd/cve-2026-32281) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32288](https://avd.aquasec.com/nvd/cve-2026-32288) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32289](https://avd.aquasec.com/nvd/cve-2026-32289) | | stdlib | LOW | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-27139](https://avd.aquasec.com/nvd/cve-2026-27139) | | stdlib | UNKNOWN | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32283](https://avd.aquasec.com/nvd/cve-2026-32283) | **bin/woodpecker-server**: | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | filippo.io/edwards25519 | LOW | v1.1.0 | 1.1.1 | fixed | [CVE-2026-26958](https://avd.aquasec.com/nvd/cve-2026-26958) | | github.com/docker/cli | HIGH | v29.1.4+incompatible | 29.2.0 | fixed | [CVE-2025-15558](https://avd.aquasec.com/nvd/cve-2025-15558) | | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61726](https://avd.aquasec.com/nvd/cve-2025-61726) | | stdlib | HIGH | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61728](https://avd.aquasec.com/nvd/cve-2025-61728) | | stdlib | HIGH | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-25679](https://avd.aquasec.com/nvd/cve-2026-25679) | | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32280](https://avd.aquasec.com/nvd/cve-2026-32280) | | stdlib | HIGH | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32282](https://avd.aquasec.com/nvd/cve-2026-32282) | | stdlib | MEDIUM | v1.25.5 | 1.24.12, 1.25.6 | fixed | [CVE-2025-61730](https://avd.aquasec.com/nvd/cve-2025-61730) | | stdlib | MEDIUM | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-27142](https://avd.aquasec.com/nvd/cve-2026-27142) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32281](https://avd.aquasec.com/nvd/cve-2026-32281) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32288](https://avd.aquasec.com/nvd/cve-2026-32288) | | stdlib | MEDIUM | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32289](https://avd.aquasec.com/nvd/cve-2026-32289) | | stdlib | LOW | v1.25.5 | 1.25.8, 1.26.1 | fixed | [CVE-2026-27139](https://avd.aquasec.com/nvd/cve-2026-27139) | | stdlib | UNKNOWN | v1.25.5 | 1.25.9, 1.26.2 | fixed | [CVE-2026-32283](https://avd.aquasec.com/nvd/cve-2026-32283) | </details>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pandora/forgejo-woodpecker.image-copy#4
No description provided.