Vulnerability dashboard #2

Open
opened 2026-04-16 21:07:12 +00:00 by bot-ci · 0 comments
Owner

This issue lists updates about vulnerabilities detected by the [trivy.woodpecker](https://code.thinkaboutit.tech/pandora/trivy.woodpecker) plugin.

Summary

| Severity | Count |
| -------- | ----- |
| CRITICAL | 0 |
| HIGH | 2 |
| MEDIUM | 8 |
| LOW | 20 |
| UNKNOWN | 0 |

Detected packages and vulnerabilities

Packages

code.thinkaboutit.tech/pandora/ntfy:latest (alpine 3.23.4)

code.thinkaboutit.tech/pandora/ntfy:latest

Name Version
alpine-baselayout 3.7.2-r0
alpine-baselayout-data 3.7.2-r0
alpine-keys 2.6-r0
alpine-release 3.23.4-r0
apk-tools 3.0.6-r0
busybox 1.37.0-r30
busybox-binsh 1.37.0-r30
ca-certificates-bundle 20260413-r0
libapk 3.0.6-r0
libcrypto3 3.5.6-r0
libssl3 3.5.6-r0
musl 1.2.5-r23
musl-utils 1.2.5-r23
scanelf 1.3.8-r2
ssl_client 1.37.0-r30
tzdata 2026b-r0
zlib 1.3.2-r0

usr/bin/ntfy

code.thinkaboutit.tech/pandora/ntfy:latest

Name Version
heckel.io/ntfy/v2 v2.24.0
stdlib v1.26.4
cel.dev/expr v0.25.2
cloud.google.com/go v0.123.0
cloud.google.com/go/auth v0.20.0
cloud.google.com/go/auth/oauth2adapt v0.2.8
cloud.google.com/go/compute/metadata v0.9.0
cloud.google.com/go/firestore v1.22.0
cloud.google.com/go/iam v1.11.0
cloud.google.com/go/longrunning v1.0.0
cloud.google.com/go/monitoring v1.29.0
cloud.google.com/go/storage v1.62.2
firebase.google.com/go/v4 v4.20.0
github.com/AlekSi/pointer v1.2.0
github.com/BurntSushi/toml v1.6.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.32.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.56.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.56.0
github.com/MicahParks/keyfunc v1.9.0
github.com/SherClockHolmes/webpush-go v1.4.0
github.com/aymerick/douceur v0.2.0
github.com/beorn7/perks v1.0.1
github.com/cespare/xxhash/v2 v2.3.0
github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2
github.com/cpuguy83/go-md2man/v2 v2.0.7
github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6
github.com/emersion/go-smtp v0.17.0
github.com/envoyproxy/go-control-plane/envoy v1.37.0
github.com/envoyproxy/protoc-gen-validate v1.3.3
github.com/felixge/httpsnoop v1.0.4
github.com/gabriel-vasile/mimetype v1.4.13
github.com/go-jose/go-jose/v4 v4.1.4
github.com/go-logr/logr v1.4.3
github.com/go-logr/stdr v1.2.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/google/s2a-go v0.1.9
github.com/google/uuid v1.6.0
github.com/googleapis/enterprise-certificate-proxy v0.3.16
github.com/googleapis/gax-go/v2 v2.22.0
github.com/gorilla/css v1.0.1
github.com/gorilla/websocket v1.5.3
github.com/jackc/pgpassfile v1.0.0
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761
github.com/jackc/pgx/v5 v5.10.0
github.com/jackc/puddle/v2 v2.2.2
github.com/mattn/go-sqlite3 v1.14.44
github.com/microcosm-cc/bluemonday v1.0.27
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
github.com/olebedev/when v1.1.0
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.23.2
github.com/prometheus/client_model v0.6.2
github.com/prometheus/common v0.68.1
github.com/prometheus/procfs v0.20.1
github.com/russross/blackfriday/v2 v2.1.0
github.com/spiffe/go-spiffe/v2 v2.7.0
github.com/stripe/stripe-go/v74 v74.30.0
github.com/urfave/cli/v2 v2.27.7
github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342
go.opentelemetry.io/auto/sdk v1.2.1
go.opentelemetry.io/contrib/detectors/gcp v1.44.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.69.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0
go.opentelemetry.io/otel v1.44.0
go.opentelemetry.io/otel/metric v1.44.0
go.opentelemetry.io/otel/sdk v1.44.0
go.opentelemetry.io/otel/sdk/metric v1.44.0
go.opentelemetry.io/otel/trace v1.44.0
golang.org/x/crypto v0.52.0
golang.org/x/net v0.55.0
golang.org/x/oauth2 v0.36.0
golang.org/x/sync v0.20.0
golang.org/x/sys v0.45.0
golang.org/x/term v0.43.0
golang.org/x/text v0.37.0
golang.org/x/time v0.15.0
google.golang.org/api v0.283.0
google.golang.org/genproto v0.0.0-20260526163538-3dc84a4a5aaa
google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa
google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa
google.golang.org/grpc v1.81.1
google.golang.org/protobuf v1.36.11
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
Vulnerabilities

code.thinkaboutit.tech/pandora/ntfy:latest (alpine 3.23.4)

code.thinkaboutit.tech/pandora/ntfy:latest

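| Package Name | Severity | Installed version | Fixed Version | Status | Link |
| ------------ | -------- | ----------------- | ------------- | ------ | ---- |
| libcrypto3 | HIGH | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45447](https://avd.aquasec.com/nvd/cve-2026-45447) |
| libcrypto3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34182](https://avd.aquasec.com/nvd/cve-2026-34182) |
| libcrypto3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34183](https://avd.aquasec.com/nvd/cve-2026-34183) |
| libcrypto3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42764](https://avd.aquasec.com/nvd/cve-2026-42764) |
| libcrypto3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45445](https://avd.aquasec.com/nvd/cve-2026-45445) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34180](https://avd.aquasec.com/nvd/cve-2026-34180) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34181](https://avd.aquasec.com/nvd/cve-2026-34181) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42766](https://avd.aquasec.com/nvd/cve-2026-42766) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42767](https://avd.aquasec.com/nvd/cve-2026-42767) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42768](https://avd.aquasec.com/nvd/cve-2026-42768) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42769](https://avd.aquasec.com/nvd/cve-2026-42769) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42770](https://avd.aquasec.com/nvd/cve-2026-42770) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45446](https://avd.aquasec.com/nvd/cve-2026-45446) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-7383](https://avd.aquasec.com/nvd/cve-2026-7383) |
| libcrypto3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-9076](https://avd.aquasec.com/nvd/cve-2026-9076) |
| libssl3 | HIGH | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45447](https://avd.aquasec.com/nvd/cve-2026-45447) |
| libssl3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34182](https://avd.aquasec.com/nvd/cve-2026-34182) |
| libssl3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34183](https://avd.aquasec.com/nvd/cve-2026-34183) |
| libssl3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42764](https://avd.aquasec.com/nvd/cve-2026-42764) |
| libssl3 | MEDIUM | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45445](https://avd.aquasec.com/nvd/cve-2026-45445) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34180](https://avd.aquasec.com/nvd/cve-2026-34180) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-34181](https://avd.aquasec.com/nvd/cve-2026-34181) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42766](https://avd.aquasec.com/nvd/cve-2026-42766) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42767](https://avd.aquasec.com/nvd/cve-2026-42767) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42768](https://avd.aquasec.com/nvd/cve-2026-42768) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42769](https://avd.aquasec.com/nvd/cve-2026-42769) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-42770](https://avd.aquasec.com/nvd/cve-2026-42770) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-45446](https://avd.aquasec.com/nvd/cve-2026-45446) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-7383](https://avd.aquasec.com/nvd/cve-2026-7383) |
| libssl3 | LOW | 3.5.6-r0 | 3.5.7-r0 | fixed | [CVE-2026-9076](https://avd.aquasec.com/nvd/cve-2026-9076) |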
Reference
pandora/notfysh.image-copy#2