pandora/image-copy.woodpecker
3
0
Fork 0
generated from pandora/woodpecker-plugin.template
Code Issues 4 Pull requests Projects Releases 10 Packages 1 Wiki Activity Actions

Vulnerability dashboard #1

New issue
Open
opened 2026-04-12 01:28:05 +00:00 by bot-ci · 0 comments
bot-ci commented 2026-04-12 01:28:05 +00:00
Owner
Copy link

This issue list updates about vulnerabilities that are detected by trivy.woodpecker plugin.

Summary

Severity Count
CRITICAL 0
HIGH 1
MEDIUM 2
LOW 0
UNKNOWN 0

Detected packages and vulnerabilities

Packages

code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest (debian 13.5)

code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest

Name Version
base-files 13.8+deb13u5
media-types 13.0.0
netbase 6.5
tzdata 2026b
tzdata-legacy 2026b

go.mod

https://code.thinkaboutit.tech/pandora/image-copy.woodpecker

Name Version
code.thinkaboutit.tech/pandora/skopeo.woodpecker
code.thinkaboutit.tech/pandora/woodpecker-utils.gopack v1.4.0
github.com/google/go-containerregistry v0.21.6
github.com/docker/cli v29.4.3+incompatible
github.com/docker/docker-credential-helpers v0.9.5
github.com/klauspost/compress v1.18.6
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/sirupsen/logrus v1.9.4
golang.org/x/sync v0.20.0
golang.org/x/sys v0.44.0
gotest.tools/v3 v3.5.2

usr/local/bin/image-copy.woodpecker

code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest

Name Version
code.thinkaboutit.tech/pandora/skopeo.woodpecker 1.2.0-SNAPSHOT-bab0a2f
stdlib v1.26.3
code.thinkaboutit.tech/pandora/woodpecker-utils.gopack v1.4.0
github.com/docker/cli v29.4.3+incompatible
github.com/docker/docker-credential-helpers v0.9.5
github.com/google/go-containerregistry v0.21.6
github.com/klauspost/compress v1.18.6
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/sirupsen/logrus v1.9.4
golang.org/x/sync v0.20.0
golang.org/x/sys v0.44.0
Vulnerabilities

usr/local/bin/image-copy.woodpecker

code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest

Package Name Severity Installed version Fixed Version Status Link
stdlib HIGH v1.26.3 1.25.11, 1.26.4 fixed CVE-2026-42504
stdlib MEDIUM v1.26.3 1.25.11, 1.26.4 fixed CVE-2026-27145
stdlib MEDIUM v1.26.3 1.25.11, 1.26.4 fixed CVE-2026-42507
This issue list updates about vulnerabilities that are detected by [trivy.woodpecker](https://code.thinkaboutit.tech/pandora/trivy.woodpecker) plugin. ## Summary | Severity | Count | | -------- | ----- | | CRITICAL | 0 | | HIGH | 1 | | MEDIUM | 2 | | LOW | 0 | | UNKNOWN | 0 | ## Detected packages and vulnerabilities <details><summary>Packages</summary> ### code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest (debian 13.5) **code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest** | Name | Version | | ---- | ------- | | base-files | 13.8+deb13u5 | | media-types | 13.0.0 | | netbase | 6.5 | | tzdata | 2026b | | tzdata-legacy | 2026b | ### go.mod **https://code.thinkaboutit.tech/pandora/image-copy.woodpecker** | Name | Version | | ---- | ------- | | code.thinkaboutit.tech/pandora/skopeo.woodpecker | | | code.thinkaboutit.tech/pandora/woodpecker-utils.gopack | v1.4.0 | | github.com/google/go-containerregistry | v0.21.6 | | github.com/docker/cli | v29.4.3+incompatible | | github.com/docker/docker-credential-helpers | v0.9.5 | | github.com/klauspost/compress | v1.18.6 | | github.com/opencontainers/go-digest | v1.0.0 | | github.com/opencontainers/image-spec | v1.1.1 | | github.com/sirupsen/logrus | v1.9.4 | | golang.org/x/sync | v0.20.0 | | golang.org/x/sys | v0.44.0 | | gotest.tools/v3 | v3.5.2 | ### usr/local/bin/image-copy.woodpecker **code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest** | Name | Version | | ---- | ------- | | code.thinkaboutit.tech/pandora/skopeo.woodpecker | 1.2.0-SNAPSHOT-bab0a2f | | stdlib | v1.26.3 | | code.thinkaboutit.tech/pandora/woodpecker-utils.gopack | v1.4.0 | | github.com/docker/cli | v29.4.3+incompatible | | github.com/docker/docker-credential-helpers | v0.9.5 | | github.com/google/go-containerregistry | v0.21.6 | | github.com/klauspost/compress | v1.18.6 | | github.com/opencontainers/go-digest | v1.0.0 | | github.com/opencontainers/image-spec | v1.1.1 | | github.com/sirupsen/logrus | v1.9.4 | | golang.org/x/sync | v0.20.0 | | golang.org/x/sys | v0.44.0 | </details> <details><summary>Vulnerabilities</summary> ### usr/local/bin/image-copy.woodpecker **code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest** | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | stdlib | HIGH | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-42504](https://avd.aquasec.com/nvd/cve-2026-42504) | | stdlib | MEDIUM | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-27145](https://avd.aquasec.com/nvd/cve-2026-27145) | | stdlib | MEDIUM | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-42507](https://avd.aquasec.com/nvd/cve-2026-42507) | </details>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
1.2.1
1.2.0
1.1.2
1.1.1
1.1.0
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pandora/image-copy.woodpecker#1
No description provided.