Vulnerability dashboard #9

New issue

Open

opened 2026-03-23 18:28:38 +00:00 by bot-ci · 0 comments

bot-ci commented 2026-03-23 18:28:38 +00:00

Owner

Copy link

This issue list updates about vulnerabilites that are detected by trivy.woodpecker plugin.

Summary

Severity	Count
CRITICAL	0
HIGH	11
MEDIUM	51
LOW	116
UNKNOWN	1

Detected packages and vulnerabilites

Packages

Node.js:

Name	Version
1to2	1.0.0
@arcanis/slice-ansi	1.1.1
@aws-crypto/crc32	5.2.0
@aws-crypto/crc32c	5.2.0
@aws-crypto/sha1-browser	5.2.0
@aws-crypto/sha256-browser	5.2.0
@aws-crypto/sha256-js	5.2.0
@aws-crypto/supports-web-crypto	5.2.0
@aws-crypto/util	5.2.0
@aws-sdk/client-codecommit	3.1021.0
@aws-sdk/client-cognito-identity	3.1021.0
@aws-sdk/client-ec2	3.1021.0
@aws-sdk/client-ecr	3.1021.0
@aws-sdk/client-eks	3.1021.0
@aws-sdk/client-rds	3.1021.0
@aws-sdk/client-s3	3.1021.0
@aws-sdk/core	3.974.1
@aws-sdk/crc64-nvme	3.972.7
@aws-sdk/credential-provider-cognito-identity	3.972.24
@aws-sdk/credential-provider-env	3.972.27
@aws-sdk/credential-provider-http	3.972.29
@aws-sdk/credential-provider-ini	3.972.31
@aws-sdk/credential-provider-login	3.972.31
@aws-sdk/credential-provider-node	3.972.32
@aws-sdk/credential-provider-process	3.972.27
@aws-sdk/credential-provider-sso	3.972.31
@aws-sdk/credential-provider-web-identity	3.972.31
@aws-sdk/credential-providers	3.1021.0
@aws-sdk/middleware-bucket-endpoint	3.972.10
@aws-sdk/middleware-expect-continue	3.972.10
@aws-sdk/middleware-flexible-checksums	3.974.9
@aws-sdk/middleware-host-header	3.972.10
@aws-sdk/middleware-location-constraint	3.972.10
@aws-sdk/middleware-logger	3.972.10
@aws-sdk/middleware-recursion-detection	3.972.11
@aws-sdk/middleware-sdk-ec2	3.972.20
@aws-sdk/middleware-sdk-rds	3.972.20
@aws-sdk/middleware-sdk-s3	3.972.30
@aws-sdk/middleware-ssec	3.972.10
@aws-sdk/middleware-user-agent	3.972.31
@aws-sdk/nested-clients	3.996.21
@aws-sdk/region-config-resolver	3.972.12
@aws-sdk/signature-v4-multi-region	3.996.18
@aws-sdk/token-providers	3.1032.0
@aws-sdk/types	3.973.8
@aws-sdk/util-arn-parser	3.972.3
@aws-sdk/util-endpoints	3.996.7
@aws-sdk/util-format-url	3.972.10
@aws-sdk/util-locate-window	3.965.5
@aws-sdk/util-user-agent-browser	3.972.10
@aws-sdk/util-user-agent-node	3.973.17
@aws-sdk/xml-builder	3.972.18
@aws/lambda-invoke-store	0.2.4
@babel/code-frame	7.29.0
@babel/helper-validator-identifier	7.28.5
@babel/runtime-corejs3	7.29.2
@baszalmstra/rattler	0.2.1
@breejs/later	4.2.0
@cdktf/hcl2json	0.21.0
@gar/promise-retry	1.0.3
@gar/promise-retry	1.0.3
@gwhitney/detect-indent	7.0.1
@isaacs/fs-minipass	4.0.1
@isaacs/fs-minipass	4.0.1
@isaacs/string-locale-compare	1.1.0
@keyv/serialize	1.1.1
@kwsites/file-exists	1.1.1
@kwsites/promise-deferred	1.1.1
@nodelib/fs.scandir	2.1.5
@nodelib/fs.stat	2.0.5
@nodelib/fs.walk	1.2.8
@npmcli/agent	4.0.0
@npmcli/agent	4.0.0
@npmcli/arborist	9.4.2
@npmcli/config	10.8.1
@npmcli/fs	5.0.0
@npmcli/fs	5.0.0
@npmcli/git	7.0.2
@npmcli/installed-package-contents	4.0.0
@npmcli/map-workspaces	5.0.3
@npmcli/metavuln-calculator	9.0.3
@npmcli/name-from-folder	4.0.0
@npmcli/node-gyp	5.0.0
@npmcli/package-json	7.0.5
@npmcli/promise-spawn	9.0.1
@npmcli/query	5.0.0
@npmcli/redact	4.0.0
@npmcli/redact	4.0.0
@npmcli/run-script	10.0.4
@one-ini/wasm	0.2.1
@opentelemetry/api	1.9.1
@opentelemetry/api-logs	0.214.0
@opentelemetry/context-async-hooks	2.6.1
@opentelemetry/core	2.6.1
@opentelemetry/exporter-trace-otlp-http	0.214.0
@opentelemetry/instrumentation	0.214.0
@opentelemetry/instrumentation-bunyan	0.59.0
@opentelemetry/instrumentation-http	0.214.0
@opentelemetry/instrumentation-redis	0.62.0
@opentelemetry/otlp-exporter-base	0.214.0
@opentelemetry/otlp-transformer	0.214.0
@opentelemetry/redis-common	0.38.3
@opentelemetry/resource-detector-aws	2.14.0
@opentelemetry/resource-detector-azure	0.22.0
@opentelemetry/resource-detector-gcp	0.49.0
@opentelemetry/resource-detector-github	0.32.0
@opentelemetry/resources	2.6.1
@opentelemetry/sdk-logs	0.214.0
@opentelemetry/sdk-metrics	2.6.1
@opentelemetry/sdk-trace-base	2.6.1
@opentelemetry/sdk-trace-node	2.6.1
@opentelemetry/semantic-conventions	1.40.0
@pnpm/catalogs.protocol-parser	1001.0.0
@pnpm/catalogs.resolver	1000.0.5
@pnpm/catalogs.types	1000.0.0
@pnpm/constants	1001.3.1
@pnpm/constants	6.1.0
@pnpm/error	1000.1.0
@pnpm/error	4.0.0
@pnpm/graceful-fs	2.0.0
@pnpm/parse-overrides	1001.0.4
@pnpm/parse-wanted-dependency	1001.0.0
@pnpm/read-project-manifest	4.1.1
@pnpm/text.comments-parser	1.0.0
@pnpm/types	8.9.0
@pnpm/util.lex-comparator	1.0.0
@pnpm/write-project-manifest	4.1.1
@protobufjs/aspromise	1.1.2
@protobufjs/base64	1.1.2
@protobufjs/codegen	2.0.4
@protobufjs/eventemitter	1.1.0
@protobufjs/fetch	1.1.0
@protobufjs/float	1.0.2
@protobufjs/inquire	1.1.0
@protobufjs/path	1.1.2
@protobufjs/pool	1.1.0
@protobufjs/utf8	1.1.0
@qnighy/marshal	0.1.3
@redis/client	5.11.0
@redis/client	5.11.0
@renovatebot/detect-tools	3.0.0
@renovatebot/good-enough-parser	2.0.0
@renovatebot/osv-offline	2.5.0
@renovatebot/osv-offline-db	2.5.0
@renovatebot/pep440	4.2.2
@renovatebot/pgp	1.3.6
@renovatebot/ruby-semver	4.1.2
@sec-ant/readable-stream	0.4.1
@sigstore/bundle	4.0.0
@sigstore/core	3.2.0
@sigstore/protobuf-specs	0.5.0
@sigstore/sign	4.1.1
@sigstore/tuf	4.0.2
@sigstore/verify	3.1.0
@simple-git/args-pathspec	1.0.3
@simple-git/argv-parser	1.1.1
@sindresorhus/is	4.6.0
@sindresorhus/is	7.2.0
@smithy/chunked-blob-reader	5.2.2
@smithy/chunked-blob-reader-native	4.2.3
@smithy/config-resolver	4.4.16
@smithy/core	3.23.15
@smithy/credential-provider-imds	4.2.14
@smithy/eventstream-codec	4.2.14
@smithy/eventstream-serde-browser	4.2.14
@smithy/eventstream-serde-config-resolver	4.3.14
@smithy/eventstream-serde-node	4.2.14
@smithy/eventstream-serde-universal	4.2.14
@smithy/fetch-http-handler	5.3.17
@smithy/hash-blob-browser	4.2.15
@smithy/hash-node	4.2.14
@smithy/hash-stream-node	4.2.14
@smithy/invalid-dependency	4.2.14
@smithy/is-array-buffer	2.2.0
@smithy/is-array-buffer	2.2.0
@smithy/is-array-buffer	2.2.0
@smithy/is-array-buffer	4.2.2
@smithy/md5-js	4.2.14
@smithy/middleware-content-length	4.2.14
@smithy/middleware-endpoint	4.4.30
@smithy/middleware-retry	4.5.3
@smithy/middleware-serde	4.2.18
@smithy/middleware-stack	4.2.14
@smithy/node-config-provider	4.3.14
@smithy/node-http-handler	4.5.3
@smithy/property-provider	4.2.14
@smithy/protocol-http	5.3.14
@smithy/querystring-builder	4.2.14
@smithy/querystring-parser	4.2.14
@smithy/service-error-classification	4.2.14
@smithy/shared-ini-file-loader	4.4.9
@smithy/signature-v4	5.3.14
@smithy/smithy-client	4.12.11
@smithy/types	4.14.1
@smithy/url-parser	4.2.14
@smithy/util-base64	4.3.2
@smithy/util-body-length-browser	4.2.2
@smithy/util-body-length-node	4.2.3
@smithy/util-buffer-from	2.2.0
@smithy/util-buffer-from	2.2.0
@smithy/util-buffer-from	2.2.0
@smithy/util-buffer-from	4.2.2
@smithy/util-config-provider	4.2.2
@smithy/util-defaults-mode-browser	4.3.47
@smithy/util-defaults-mode-node	4.2.52
@smithy/util-endpoints	3.4.1
@smithy/util-hex-encoding	4.2.2
@smithy/util-middleware	4.2.14
@smithy/util-retry	4.3.2
@smithy/util-stream	4.5.23
@smithy/util-uri-escape	4.2.2
@smithy/util-utf8	2.3.0
@smithy/util-utf8	2.3.0
@smithy/util-utf8	2.3.0
@smithy/util-utf8	4.2.2
@smithy/util-waiter	4.2.16
@smithy/uuid	1.1.2
@szmarczak/http-timer	4.0.6
@thi.ng/api	7.2.0
@thi.ng/arrays	1.0.3
@thi.ng/checks	2.9.11
@thi.ng/compare	1.3.34
@thi.ng/equiv	1.0.45
@thi.ng/errors	1.3.4
@thi.ng/hex	1.0.4
@thi.ng/random	2.4.8
@thi.ng/zipper	1.0.3
@tufjs/canonical-json	2.0.0
@tufjs/models	4.1.0
@types/bunyan	1.8.11
@types/cacheable-request	6.0.3
@types/debug	4.1.13
@types/emscripten	1.41.5
@types/http-cache-semantics	4.2.0
@types/keyv	3.1.4
@types/mdast	4.0.4
@types/moo	0.5.10
@types/ms	2.1.0
@types/node	25.6.0
@types/parse-path	7.0.3
@types/responselike	1.0.3
@types/semver	7.7.1
@types/treeify	1.0.3
@types/unist	3.0.3
@types/yauzl	2.10.3
@yarnpkg/core	4.6.0
@yarnpkg/fslib	3.1.5
@yarnpkg/libzip	3.2.2
@yarnpkg/parsers	3.0.3
@yarnpkg/shell	4.1.3
abbrev	4.0.0
abbrev	4.0.0
acorn	8.16.0
acorn-import-attributes	1.9.5
adm-zip	0.5.17
ae-cvss-calculator	1.0.12
agent-base	7.1.4
agent-base	7.1.4
agentkeepalive	4.6.0
ansi-regex	5.0.1
ansi-styles	4.3.0
aproba	2.1.0
archy	1.0.0
argparse	1.0.10
argparse	2.0.1
argparse	2.0.1
argparse	2.0.1
async-mutex	0.5.0
aws4	1.13.2
azure-devops-node-api	15.1.2
backslash	0.2.2
bail	2.0.2
balanced-match	1.0.2
balanced-match	4.0.4
balanced-match	4.0.4
base64-js	1.5.1
beep-boop	1.2.3
better-sqlite3	12.8.0
bignumber.js	9.3.1
bin-links	6.0.0
binary-extensions	3.1.0
bindings	1.5.0
bl	4.1.0
boolbase	1.0.0
boolean	3.2.0
bowser	2.14.1
brace-expansion	1.1.14
brace-expansion	5.0.4
brace-expansion	5.0.5
braces	3.0.3
buffer	5.7.1
buffer-crc32	0.2.13
buffer-equal-constant-time	1.0.1
buffer-from	1.1.2
builtins	5.1.0
bunyan	1.8.15
byte-counter	0.1.0
cacache	20.0.4
cacache	20.0.4
cacheable-lookup	5.0.4
cacheable-lookup	7.0.0
cacheable-request	13.0.18
cacheable-request	7.0.4
call-bind-apply-helpers	1.0.2
call-bound	1.0.4
camelcase	5.3.1
ccount	2.0.1
chalk	4.1.2
chalk	5.6.2
changelog-filename-regex	2.0.1
character-entities	2.0.2
chownr	1.1.4
chownr	3.0.0
chownr	3.0.0
ci-info	4.4.0
ci-info	4.4.0
cidr-regex	5.0.3
cjs-module-lexer	2.2.0
clean-git-ref	2.0.1
clipanion	4.0.0-rc.4
clone-response	1.0.3
cluster-key-slot	1.1.2
cmd-shim	8.0.0
color-convert	2.0.1
color-name	1.1.4
commander	14.0.3
common-ancestor-path	2.0.0
concat-map	0.0.1
core-js-pure	3.49.0
corepack	0.34.6
croner	10.0.1
cronstrue	3.14.0
cross-spawn	7.0.6
css-select	5.2.2
css-what	6.2.2
cssesc	3.0.0
data-uri-to-buffer	4.0.1
debug	4.4.3
debug	4.4.3
decode-named-character-reference	1.3.0
decompress-response	10.0.0
decompress-response	6.0.0
decompress-response	6.0.0
deep-extend	0.6.0
deepmerge	4.3.1
defer-to-connect	2.0.1
define-data-property	1.1.4
define-properties	1.2.1
dequal	2.0.3
des.js	1.1.0
detect-indent	7.0.2
detect-libc	2.1.2
detect-node	2.1.0
devlop	1.1.0
diff	5.2.2
diff	8.0.3
diff	8.0.4
dom-serializer	2.0.0
domelementtype	2.3.0
domhandler	5.0.3
domutils	3.2.2
dotenv	16.6.1
dtrace-provider	0.8.8
dunder-proto	1.0.1
ecdsa-sig-formatter	1.0.11
editorconfig	3.0.2
email-addresses	5.0.0
emoji-regex	10.6.0
emojibase	17.0.0
emojibase-regex	17.0.0
end-of-stream	1.4.5
entities	4.5.0
env-paths	2.2.1
env-paths	2.2.1
error-ex	1.3.4
es-define-property	1.0.1
es-errors	1.3.0
es-object-atoms	1.1.1
es-toolkit	1.45.1
es6-error	4.1.1
escape-string-regexp	4.0.0
escape-string-regexp	5.0.0
eslint-visitor-keys	3.4.3
eslint-visitor-keys	5.0.1
esprima	4.0.1
eventemitter3	5.0.4
execa	8.0.1
expand-template	2.0.3
exponential-backoff	3.1.3
exponential-backoff	3.1.3
extend	3.0.2
extract-zip	2.0.1
fast-deep-equal	3.1.3
fast-glob	3.3.3
fast-xml-builder	1.1.5
fast-xml-parser	5.5.8
fastest-levenshtein	1.0.16
fastq	1.20.1
fd-slicer	1.1.0
fdir	6.5.0
fdir	6.5.0
fetch-blob	3.2.0
file-uri-to-path	1.0.0
fill-range	7.1.1
find-packages	10.0.4
find-up	8.0.0
form-data-encoder	4.1.0
formdata-polyfill	4.0.10
forwarded-parse	2.1.2
fs-constants	1.0.0
fs-extra	11.3.0
fs-extra	11.3.4
fs-minipass	3.0.3
fs-minipass	3.0.3
function-bind	1.1.2
gaxios	7.1.4
gcp-metadata	8.1.2
get-intrinsic	1.3.0
get-proto	1.0.1
get-stream	5.2.0
get-stream	5.2.0
get-stream	8.0.1
get-stream	9.0.1
git-up	8.1.1
git-url-parse	16.1.0
github-from-package	0.0.0
github-url-from-git	1.5.0
glob	13.0.6
glob	13.0.6
glob	6.0.4
glob-parent	5.1.2
global-agent	3.0.0
globalthis	1.0.4
google-auth-library	10.6.2
google-logging-utils	1.1.3
gopd	1.2.0
got	11.8.6
got	14.6.6
graceful-fs	4.2.11
graceful-fs	4.2.11
graph-data-structure	4.5.0
grapheme-splitter	1.0.4
handlebars	4.7.9
has-flag	4.0.0
has-property-descriptors	1.0.2
has-symbols	1.1.0
hasown	2.0.2
he	1.2.0
hosted-git-info	9.0.2
hpagent	1.2.0
http-cache-semantics	4.2.0
http-cache-semantics	4.2.0
http-proxy-agent	7.0.2
http-proxy-agent	7.0.2
http2-wrapper	1.0.3
http2-wrapper	2.2.1
https-proxy-agent	7.0.6
https-proxy-agent	7.0.6
human-signals	5.0.0
humanize-ms	1.2.1
iconv-lite	0.7.2
iconv-lite	0.7.2
ieee754	1.2.1
ignore	7.0.5
ignore-walk	8.0.0
import-in-the-middle	3.0.1
imurmurhash	0.1.4
inflight	1.0.6
inherits	2.0.4
ini	1.3.8
ini	6.0.0
ini	6.0.0
init-package-json	8.2.5
install-artifact-from-github	1.4.0
ip-address	10.1.0
ip-address	10.1.0
is-arrayish	0.2.1
is-cidr	6.0.3
is-extglob	2.1.1
is-glob	4.0.3
is-number	7.0.0
is-plain-obj	2.1.0
is-plain-obj	4.1.0
is-ssh	1.4.1
is-stream	3.0.0
is-stream	4.0.1
is-typedarray	1.0.0
is-windows	1.0.2
isexe	2.0.0
isexe	4.0.0
isexe	4.0.0
js-md4	0.3.2
js-tokens	4.0.0
js-yaml	3.14.2
js-yaml	4.1.1
js-yaml	4.1.1
json-bigint	1.0.0
json-buffer	3.0.1
json-dup-key-validator	1.0.3
json-parse-even-better-errors	2.3.1
json-parse-even-better-errors	5.0.0
json-stringify-nice	1.1.4
json-stringify-pretty-compact	4.0.0
json-stringify-safe	5.0.1
json5	2.2.3
jsonata	2.1.0
jsonc-morph	0.3.3
jsonc-weaver	0.2.4
jsonfile	6.2.0
jsonparse	1.3.1
just-diff	6.0.2
just-diff-apply	5.5.0
jwa	2.0.1
jws	4.0.1
keyv	4.5.4
keyv	5.6.0
klona	2.0.6
libnpmaccess	10.0.3
libnpmdiff	8.1.5
libnpmexec	10.2.5
libnpmfund	7.0.19
libnpmorg	8.0.1
libnpmpack	9.1.5
libnpmpublish	11.1.3
libnpmsearch	9.0.1
libnpmteam	8.0.2
libnpmversion	8.0.3
lines-and-columns	1.2.4
linkify-it	5.0.0
locate-path	8.0.0
long	5.3.2
longest-streak	3.1.0
lowercase-keys	2.0.0
lowercase-keys	3.0.0
lru-cache	11.2.7
lru-cache	11.3.5
luxon	3.7.2
make-fetch-happen	15.0.5
make-fetch-happen	15.0.5
markdown-it	14.1.1
markdown-table	3.0.4
matcher	3.0.0
math-intrinsics	1.1.0
mdast-util-find-and-replace	3.0.2
mdast-util-from-markdown	2.0.3
mdast-util-gfm	3.1.0
mdast-util-gfm-autolink-literal	2.0.1
mdast-util-gfm-footnote	2.1.0
mdast-util-gfm-strikethrough	2.0.0
mdast-util-gfm-table	2.0.0
mdast-util-gfm-task-list-item	2.0.0
mdast-util-phrasing	4.1.0
mdast-util-to-markdown	2.1.2
mdast-util-to-string	4.0.0
mdurl	2.0.0
merge-stream	2.0.0
merge2	1.4.1
micromark	4.0.2
micromark-core-commonmark	2.0.3
micromark-extension-gfm	3.0.0
micromark-extension-gfm-autolink-literal	2.1.0
micromark-extension-gfm-footnote	2.1.0
micromark-extension-gfm-strikethrough	2.1.0
micromark-extension-gfm-table	2.1.1
micromark-extension-gfm-tagfilter	2.0.0
micromark-extension-gfm-task-list-item	2.1.0
micromark-factory-destination	2.0.1
micromark-factory-label	2.0.1
micromark-factory-space	2.0.1
micromark-factory-title	2.0.1
micromark-factory-whitespace	2.0.1
micromark-util-character	2.1.1
micromark-util-chunked	2.0.1
micromark-util-classify-character	2.0.1
micromark-util-combine-extensions	2.0.1
micromark-util-decode-numeric-character-reference	2.0.2
micromark-util-decode-string	2.0.1
micromark-util-encode	2.0.1
micromark-util-html-tag-name	2.0.1
micromark-util-normalize-identifier	2.0.1
micromark-util-resolve-all	2.0.1
micromark-util-sanitize-uri	2.0.1
micromark-util-subtokenize	2.1.0
micromark-util-symbol	2.0.1
micromark-util-types	2.0.2
micromatch	4.0.8
mimic-fn	4.0.0
mimic-response	1.0.1
mimic-response	3.1.0
mimic-response	3.1.0
mimic-response	4.0.0
minimalistic-assert	1.0.1
minimatch	10.2.4
minimatch	10.2.5
minimatch	3.1.5
minimist	1.2.8
minipass	3.3.6
minipass	3.3.6
minipass	3.3.6
minipass	3.3.6
minipass	7.1.3
minipass	7.1.3
minipass-collect	2.0.1
minipass-collect	2.0.1
minipass-fetch	5.0.2
minipass-fetch	5.0.2
minipass-flush	1.0.5
minipass-flush	1.0.7
minipass-pipeline	1.2.4
minipass-pipeline	1.2.4
minipass-sized	2.0.0
minipass-sized	2.0.0
minizlib	3.1.0
minizlib	3.1.0
mkdirp	0.5.6
mkdirp-classic	0.5.3
module-details-from-path	1.0.4
moment	2.30.1
moo	0.5.3
ms	2.1.3
ms	2.1.3
mute-stream	3.0.0
mv	2.1.1
nan	2.26.2
napi-build-utils	2.0.0
ncp	2.0.0
negotiator	1.0.0
negotiator	1.0.0
neo-async	2.6.2
neotraverse	0.6.18
node-abi	3.89.0
node-domexception	1.0.0
node-fetch	3.3.2
node-gyp	12.2.0
node-gyp	12.2.0
node-html-parser	7.1.0
nopt	9.0.0
nopt	9.0.0
normalize-url	6.1.0
normalize-url	8.1.1
npm	11.12.1
npm-audit-report	7.0.0
npm-bundled	5.0.0
npm-install-checks	8.0.0
npm-normalize-package-bin	5.0.0
npm-package-arg	13.0.2
npm-packlist	10.0.4
npm-pick-manifest	11.0.3
npm-profile	12.0.1
npm-registry-fetch	19.1.1
npm-run-path	5.3.0
npm-user-validate	4.0.0
nth-check	2.1.1
object-inspect	1.13.4
object-keys	1.1.1
once	1.4.0
onetime	6.0.0
openpgp	6.3.0
p-all	5.0.1
p-cancelable	2.1.1
p-cancelable	4.0.1
p-filter	2.1.0
p-limit	2.3.0
p-limit	4.0.0
p-locate	6.0.0
p-map	2.1.0
p-map	6.0.0
p-map	7.0.4
p-map	7.0.4
p-queue	9.1.2
p-throttle	8.1.0
p-timeout	7.0.1
p-try	2.2.0
pacote	21.5.0
parse-conflict-json	5.0.1
parse-json	5.2.0
parse-link-header	2.0.0
parse-path	7.1.0
parse-url	9.2.0
path-expression-matcher	1.5.0
path-is-absolute	1.0.1
path-key	3.1.1
path-key	4.0.0
path-scurry	2.0.2
path-scurry	2.0.2
pend	1.2.0
picocolors	1.1.1
picomatch	2.3.2
picomatch	4.0.3
picomatch	4.0.4
postcss-selector-parser	7.1.1
prebuild-install	7.1.3
prettier	3.8.1
proc-log	6.1.0
proc-log	6.1.0
proggy	4.0.0
promise-all-reject-late	1.0.1
promise-call-limit	3.0.2
promzard	3.0.1
protobufjs	7.5.5
protobufjs	8.0.1
protocols	2.0.2
pump	3.0.4
punycode	2.3.1
punycode.js	2.3.1
qrcode-terminal	0.12.0
qs	6.15.1
queue-microtask	1.2.3
quick-lru	5.1.1
rc	1.2.8
re2	1.24.0
read	5.0.1
read-cmd-shim	6.0.0
read-yaml-file	2.1.0
readable-stream	3.6.2
remark	15.0.1
remark-gfm	4.0.1
remark-github	12.0.0
remark-parse	11.0.0
remark-stringify	11.0.0
renovate	43.129.0
require-in-the-middle	8.0.1
resolve-alpn	1.2.1
responselike	2.0.1
responselike	4.0.2
reusify	1.1.0
rimraf	2.4.5
roarr	2.15.4
run-parallel	1.2.0
safe-buffer	5.2.1
safe-json-stringify	1.2.0
safe-stable-stringify	2.5.0
safer-buffer	2.1.2
safer-buffer	2.1.2
sax	1.6.0
semver	6.3.1
semver	7.7.4
semver	7.7.4
semver-compare	1.0.0
semver-stable	3.0.0
semver-utils	1.1.4
serialize-error	7.0.1
shebang-command	2.0.0
shebang-regex	3.0.0
shlex	3.0.0
side-channel	1.1.0
side-channel-list	1.0.1
side-channel-map	1.0.1
side-channel-weakmap	1.0.2
signal-exit	3.0.7
signal-exit	4.1.0
signal-exit	4.1.0
sigstore	4.1.0
simple-concat	1.0.1
simple-get	4.0.1
simple-git	3.35.2
slugify	1.6.9
smart-buffer	4.2.0
smart-buffer	4.2.0
socks	2.8.7
socks	2.8.7
socks-proxy-agent	8.0.5
socks-proxy-agent	8.0.5
sort-keys	4.2.0
source-map	0.6.1
source-map-support	0.5.21
spdx-exceptions	2.5.0
spdx-expression-parse	4.0.0
spdx-license-ids	3.0.23
sprintf-js	1.0.3
sprintf-js	1.1.3
ssri	13.0.1
ssri	13.0.1
string_decoder	1.3.0
strip-ansi	6.0.1
strip-bom	4.0.0
strip-comments-strings	1.2.0
strip-final-newline	3.0.0
strip-json-comments	2.0.1
strip-json-comments	5.0.3
strnum	2.2.3
supports-color	10.2.2
supports-color	7.2.0
tar	7.5.11
tar	7.5.13
tar-fs	2.1.4
tar-stream	2.2.0
text-table	0.2.0
tiny-relative-date	2.0.2
tinyglobby	0.2.15
tinyglobby	0.2.16
tinylogic	2.0.0
to-regex-range	5.0.1
to-vfile	8.0.0
toml-eslint-parser	0.12.0
toml-eslint-parser	1.0.3
treeify	1.1.0
treeverse	3.0.0
trough	2.2.0
tslib	2.8.1
tuf-js	4.1.0
tunnel	0.0.6
tunnel-agent	0.6.0
typanion	3.14.0
type-fest	0.13.1
type-fest	4.41.0
typed-rest-client	2.1.0
typedarray-to-buffer	3.1.5
uc.micro	2.1.0
uglify-js	3.19.3
underscore	1.13.8
undici-types	7.19.2
unicorn-magic	0.3.0
unified	11.0.5
unist-util-is	6.0.1
unist-util-stringify-position	4.0.0
unist-util-visit	5.1.0
unist-util-visit-parents	6.0.2
universalify	2.0.1
upath	2.0.1
url-join	5.0.0
util-deprecate	1.0.2
util-deprecate	1.0.2
validate-npm-package-name	5.0.0
validate-npm-package-name	7.0.2
validate-npm-package-name	7.0.2
vfile	6.0.3
vfile-message	4.0.3
walk-up-path	4.0.0
web-streams-polyfill	3.3.3
which	2.0.2
which	6.0.1
which	6.0.1
wordwrap	1.0.0
wrappy	1.0.2
write-file-atomic	3.0.3
write-file-atomic	5.0.1
write-file-atomic	7.0.1
write-yaml-file	4.2.0
xmldoc	2.0.3
xtend	4.0.2
yallist	4.0.0
yallist	4.0.0
yallist	4.0.0
yallist	4.0.0
yallist	5.0.0
yallist	5.0.0
yaml	2.8.3
yarn	1.22.22
yauzl	2.10.0
yocto-queue	1.2.2
zod	4.3.6
zwitch	2.0.4

code.thinkaboutit.tech/pandora/renovate.woodpecker:latest (debian 12.13):

Name	Version
adduser	3.134
apt	2.6.1
base-files	12.4+deb12u13
base-passwd	3.6.1
bash	5.2.15
bsdutils	2.38.1
ca-certificates	20230311+deb12u1
coreutils	9.1
dash	0.5.12
debconf	1.5.82
debian-archive-keyring	2023.3+deb12u2
debianutils	5.7
diffutils	3.8
dpkg	1.21.22
e2fsprogs	1.47.0
findutils	4.9.0
gcc-12-base	12.2.0
git	2.39.5
git-man	2.39.5
gpgv	2.2.40
grep	3.8
gzip	1.12
hostname	3.23+nmu1
init-system-helpers	1.65.2+deb12u1
libacl1	2.3.1
libapt-pkg6.0	2.6.1
libattr1	2.5.1
libaudit-common	3.0.9
libaudit1	3.0.9
libblkid1	2.38.1
libbrotli1	1.0.9
libbz2-1.0	1.0.8
libc-bin	2.36
libc6	2.36
libcap-ng0	0.8.3
libcap2	2.66
libcom-err2	1.47.0
libcrypt1	4.4.33
libcurl3-gnutls	7.88.1
libdb5.3	5.3.28+dfsg2
libdebconfclient0	0.270
liberror-perl	0.17029
libexpat1	2.5.0
libext2fs2	1.47.0
libffi8	3.4.4
libgcc-s1	12.2.0
libgcrypt20	1.10.1
libgdbm-compat4	1.23
libgdbm6	1.23
libgmp10	6.2.1+dfsg1
libgnutls30	3.7.9
libgpg-error0	1.46
libgssapi-krb5-2	1.20.1
libhogweed6	3.8.1
libidn2-0	2.3.3
libk5crypto3	1.20.1
libkeyutils1	1.6.3
libkrb5-3	1.20.1
libkrb5support0	1.20.1
libldap-2.5-0	2.5.13+dfsg
liblz4-1	1.9.4
liblzma5	5.4.1
libmd0	1.0.4
libmount1	2.38.1
libnettle8	3.8.1
libnghttp2-14	1.52.0
libp11-kit0	0.24.1
libpam-modules	1.5.2
libpam-modules-bin	1.5.2
libpam-runtime	1.5.2
libpam0g	1.5.2
libpcre2-8-0	10.42
libperl5.36	5.36.0
libpsl5	0.21.2
librtmp1	2.4+20151223.gitfa8646d.1
libsasl2-2	2.1.28+dfsg
libsasl2-modules-db	2.1.28+dfsg
libseccomp2	2.5.4
libselinux1	3.4
libsemanage-common	3.4
libsemanage2	3.4
libsepol2	3.4
libsmartcols1	2.38.1
libss2	1.47.0
libssh2-1	1.10.0
libssl3	3.0.19
libstdc++6	12.2.0
libsystemd0	252.39
libtasn1-6	4.19.0
libtinfo6	6.4
libudev1	252.39
libunistring2	1.0
libuuid1	2.38.1
libxxhash0	0.8.1
libzstd1	1.5.4+dfsg2
login	4.13+dfsg1
logsave	1.47.0
mawk	1.3.4.20200120
mount	2.38.1
ncurses-base	6.4
ncurses-bin	6.4
openssl	3.0.19
passwd	4.13+dfsg1
perl	5.36.0
perl-base	5.36.0
perl-modules-5.36	5.36.0
sed	4.9
sysvinit-utils	3.06
tar	1.34+dfsg
tzdata	2025b
usr-is-merged	37~deb12u1
util-linux	2.38.1
util-linux-extra	2.38.1
zlib1g	1.2.13.dfsg

Vulnerabilities

Node.js:

Package Name	Severity	Installed version	Fixed Version	Status	Link
brace-expansion	MEDIUM	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	fixed	CVE-2026-33750
picomatch	HIGH	4.0.3	4.0.4, 3.0.2, 2.3.2	fixed	CVE-2026-33671
picomatch	MEDIUM	4.0.3	4.0.4, 3.0.2, 2.3.2	fixed	CVE-2026-33672

code.thinkaboutit.tech/pandora/renovate.woodpecker:latest (debian 12.13):

Package Name	Severity	Installed version	Fixed Version	Status	Link
apt	LOW	2.6.1		affected	CVE-2011-3374
bash	LOW	5.2.15-2+b10		affected	TEMP-0841856-B18BAF
bsdutils	MEDIUM	1:2.38.1-5+deb12u3		affected	CVE-2026-27456
bsdutils	LOW	1:2.38.1-5+deb12u3		affected	CVE-2022-0563
bsdutils	LOW	1:2.38.1-5+deb12u3		affected	CVE-2025-14104
bsdutils	LOW	1:2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
coreutils	LOW	9.1-1		will_not_fix	CVE-2016-2781
coreutils	LOW	9.1-1		affected	CVE-2017-18018
coreutils	LOW	9.1-1		affected	CVE-2025-5278
dpkg	LOW	1.21.22		affected	CVE-2025-6297
dpkg	UNKNOWN	1.21.22		affected	CVE-2026-2219
gcc-12-base	LOW	12.2.0-14+deb12u1		affected	CVE-2022-27943
git	LOW	1:2.39.5-0+deb12u3		affected	CVE-2018-1000021
git	LOW	1:2.39.5-0+deb12u3		affected	CVE-2022-24975
git	LOW	1:2.39.5-0+deb12u3		affected	CVE-2024-52005
git-man	LOW	1:2.39.5-0+deb12u3		affected	CVE-2018-1000021
git-man	LOW	1:2.39.5-0+deb12u3		affected	CVE-2022-24975
git-man	LOW	1:2.39.5-0+deb12u3		affected	CVE-2024-52005
gpgv	MEDIUM	2.2.40-1.1+deb12u2		affected	CVE-2025-30258
gpgv	MEDIUM	2.2.40-1.1+deb12u2		affected	CVE-2025-68972
gpgv	LOW	2.2.40-1.1+deb12u2		affected	CVE-2022-3219
libapt-pkg6.0	LOW	2.6.1		affected	CVE-2011-3374
libblkid1	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
libblkid1	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
libblkid1	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
libblkid1	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
libc-bin	HIGH	2.36-9+deb12u13		affected	CVE-2026-0861
libc-bin	MEDIUM	2.36-9+deb12u13		affected	CVE-2025-15281
libc-bin	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-0915
libc-bin	MEDIUM	2.36-9+deb12u13		fix_deferred	CVE-2026-4046
libc-bin	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-4437
libc-bin	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-4438
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2010-4756
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2018-20796
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2019-1010022
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2019-1010023
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2019-1010024
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2019-1010025
libc-bin	LOW	2.36-9+deb12u13		affected	CVE-2019-9192
libc6	HIGH	2.36-9+deb12u13		affected	CVE-2026-0861
libc6	MEDIUM	2.36-9+deb12u13		affected	CVE-2025-15281
libc6	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-0915
libc6	MEDIUM	2.36-9+deb12u13		fix_deferred	CVE-2026-4046
libc6	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-4437
libc6	MEDIUM	2.36-9+deb12u13		affected	CVE-2026-4438
libc6	LOW	2.36-9+deb12u13		affected	CVE-2010-4756
libc6	LOW	2.36-9+deb12u13		affected	CVE-2018-20796
libc6	LOW	2.36-9+deb12u13		affected	CVE-2019-1010022
libc6	LOW	2.36-9+deb12u13		affected	CVE-2019-1010023
libc6	LOW	2.36-9+deb12u13		affected	CVE-2019-1010024
libc6	LOW	2.36-9+deb12u13		affected	CVE-2019-1010025
libc6	LOW	2.36-9+deb12u13		affected	CVE-2019-9192
libcap2	MEDIUM	1:2.66-4+deb12u2+b2		affected	CVE-2026-4878
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		will_not_fix	CVE-2025-10148
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		affected	CVE-2025-14524
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		affected	CVE-2025-14819
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		affected	CVE-2026-1965
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		affected	CVE-2026-3783
libcurl3-gnutls	MEDIUM	7.88.1-10+deb12u14		affected	CVE-2026-3784
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2024-2379
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2025-0725
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2025-10966
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2025-14017
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2025-15079
libcurl3-gnutls	LOW	7.88.1-10+deb12u14		affected	CVE-2025-15224
libexpat1	HIGH	2.5.0-1+deb12u2		affected	CVE-2026-25210
libexpat1	MEDIUM	2.5.0-1+deb12u2		will_not_fix	CVE-2025-59375
libexpat1	MEDIUM	2.5.0-1+deb12u2		fix_deferred	CVE-2025-66382
libexpat1	MEDIUM	2.5.0-1+deb12u2		affected	CVE-2026-32776
libexpat1	MEDIUM	2.5.0-1+deb12u2		affected	CVE-2026-32777
libexpat1	MEDIUM	2.5.0-1+deb12u2		affected	CVE-2026-32778
libexpat1	LOW	2.5.0-1+deb12u2		affected	CVE-2023-52426
libexpat1	LOW	2.5.0-1+deb12u2		affected	CVE-2024-28757
libexpat1	LOW	2.5.0-1+deb12u2		affected	CVE-2026-24515
libgcc-s1	LOW	12.2.0-14+deb12u1		affected	CVE-2022-27943
libgcrypt20	LOW	1.10.1-3		affected	CVE-2018-6829
libgcrypt20	LOW	1.10.1-3		affected	CVE-2024-2236
libgnutls30	LOW	3.7.9-2+deb12u6		affected	CVE-2011-3389
libgssapi-krb5-2	LOW	1.20.1-2+deb12u4		affected	CVE-2018-5709
libgssapi-krb5-2	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26458
libgssapi-krb5-2	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26461
libk5crypto3	LOW	1.20.1-2+deb12u4		affected	CVE-2018-5709
libk5crypto3	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26458
libk5crypto3	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26461
libkrb5-3	LOW	1.20.1-2+deb12u4		affected	CVE-2018-5709
libkrb5-3	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26458
libkrb5-3	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26461
libkrb5support0	LOW	1.20.1-2+deb12u4		affected	CVE-2018-5709
libkrb5support0	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26458
libkrb5support0	LOW	1.20.1-2+deb12u4		affected	CVE-2024-26461
libldap-2.5-0	HIGH	2.5.13+dfsg-5		affected	CVE-2023-2953
libldap-2.5-0	LOW	2.5.13+dfsg-5		affected	CVE-2015-3276
libldap-2.5-0	LOW	2.5.13+dfsg-5		affected	CVE-2017-14159
libldap-2.5-0	LOW	2.5.13+dfsg-5		affected	CVE-2017-17740
libldap-2.5-0	LOW	2.5.13+dfsg-5		affected	CVE-2020-15719
libldap-2.5-0	LOW	2.5.13+dfsg-5		affected	CVE-2026-22185
liblzma5	MEDIUM	5.4.1-1		affected	CVE-2026-34743
libmount1	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
libmount1	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
libmount1	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
libmount1	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
libnghttp2-14	HIGH	1.52.0-1+deb12u2		affected	CVE-2026-27135
libpam-modules	MEDIUM	1.5.2-6+deb12u2		will_not_fix	CVE-2024-10041
libpam-modules-bin	MEDIUM	1.5.2-6+deb12u2		will_not_fix	CVE-2024-10041
libpam-runtime	MEDIUM	1.5.2-6+deb12u2		will_not_fix	CVE-2024-10041
libpam0g	MEDIUM	1.5.2-6+deb12u2		will_not_fix	CVE-2024-10041
libperl5.36	LOW	5.36.0-7+deb12u3		affected	CVE-2011-4116
libperl5.36	LOW	5.36.0-7+deb12u3		affected	CVE-2023-31486
libsmartcols1	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
libsmartcols1	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
libsmartcols1	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
libsmartcols1	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
libssl3	LOW	3.0.19-1~deb12u2		affected	CVE-2025-27587
libstdc++6	LOW	12.2.0-14+deb12u1		affected	CVE-2022-27943
libsystemd0	HIGH	252.39-1~deb12u1		affected	CVE-2026-29111
libsystemd0	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-40225
libsystemd0	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-40226
libsystemd0	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-4105
libsystemd0	LOW	252.39-1~deb12u1		affected	CVE-2013-4392
libsystemd0	LOW	252.39-1~deb12u1		affected	CVE-2023-31437
libsystemd0	LOW	252.39-1~deb12u1		affected	CVE-2023-31438
libsystemd0	LOW	252.39-1~deb12u1		affected	CVE-2023-31439
libsystemd0	LOW	252.39-1~deb12u1		affected	CVE-2026-40228
libtasn1-6	MEDIUM	4.19.0-2+deb12u1		affected	CVE-2025-13151
libtinfo6	HIGH	6.4-4		affected	CVE-2025-69720
libtinfo6	MEDIUM	6.4-4		affected	CVE-2023-50495
libtinfo6	LOW	6.4-4		affected	CVE-2025-6141
libudev1	HIGH	252.39-1~deb12u1		affected	CVE-2026-29111
libudev1	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-40225
libudev1	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-40226
libudev1	MEDIUM	252.39-1~deb12u1		affected	CVE-2026-4105
libudev1	LOW	252.39-1~deb12u1		affected	CVE-2013-4392
libudev1	LOW	252.39-1~deb12u1		affected	CVE-2023-31437
libudev1	LOW	252.39-1~deb12u1		affected	CVE-2023-31438
libudev1	LOW	252.39-1~deb12u1		affected	CVE-2023-31439
libudev1	LOW	252.39-1~deb12u1		affected	CVE-2026-40228
libuuid1	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
libuuid1	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
libuuid1	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
libuuid1	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
login	LOW	1:4.13+dfsg1-1+deb12u2		affected	CVE-2007-5686
login	LOW	1:4.13+dfsg1-1+deb12u2		affected	CVE-2024-56433
login	LOW	1:4.13+dfsg1-1+deb12u2		affected	TEMP-0628843-DBAD28
mount	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
mount	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
mount	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
mount	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
ncurses-base	HIGH	6.4-4		affected	CVE-2025-69720
ncurses-base	MEDIUM	6.4-4		affected	CVE-2023-50495
ncurses-base	LOW	6.4-4		affected	CVE-2025-6141
ncurses-bin	HIGH	6.4-4		affected	CVE-2025-69720
ncurses-bin	MEDIUM	6.4-4		affected	CVE-2023-50495
ncurses-bin	LOW	6.4-4		affected	CVE-2025-6141
openssl	LOW	3.0.19-1~deb12u2		affected	CVE-2025-27587
passwd	LOW	1:4.13+dfsg1-1+deb12u2		affected	CVE-2007-5686
passwd	LOW	1:4.13+dfsg1-1+deb12u2		affected	CVE-2024-56433
passwd	LOW	1:4.13+dfsg1-1+deb12u2		affected	TEMP-0628843-DBAD28
perl	LOW	5.36.0-7+deb12u3		affected	CVE-2011-4116
perl	LOW	5.36.0-7+deb12u3		affected	CVE-2023-31486
perl-base	LOW	5.36.0-7+deb12u3		affected	CVE-2011-4116
perl-base	LOW	5.36.0-7+deb12u3		affected	CVE-2023-31486
perl-modules-5.36	LOW	5.36.0-7+deb12u3		affected	CVE-2011-4116
perl-modules-5.36	LOW	5.36.0-7+deb12u3		affected	CVE-2023-31486
sysvinit-utils	LOW	3.06-4		affected	TEMP-0517018-A83CE6
tar	MEDIUM	1.34+dfsg-1.2+deb12u1		affected	CVE-2026-5704
tar	LOW	1.34+dfsg-1.2+deb12u1		affected	CVE-2005-2541
tar	LOW	1.34+dfsg-1.2+deb12u1		affected	TEMP-0290435-0B57B5
util-linux	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
util-linux	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
util-linux	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
util-linux	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
util-linux-extra	MEDIUM	2.38.1-5+deb12u3		affected	CVE-2026-27456
util-linux-extra	LOW	2.38.1-5+deb12u3		affected	CVE-2022-0563
util-linux-extra	LOW	2.38.1-5+deb12u3		affected	CVE-2025-14104
util-linux-extra	LOW	2.38.1-5+deb12u3		will_not_fix	CVE-2026-3184
zlib1g	MEDIUM	1:1.2.13.dfsg-1		affected	CVE-2026-27171

This issue list updates about vulnerabilites that are detected by [trivy.woodpecker](https://code.thinkaboutit.tech/pandora/trivy.woodpecker) plugin. ## Summary | Severity | Count | | -------- | ----- | | CRITICAL | 0 | | HIGH | 11 | | MEDIUM | 51 | | LOW | 116 | | UNKNOWN | 1 | ## Detected packages and vulnerabilites <details><summary>Packages</summary> **Node.js**: | Name | Version | | ---- | ------- | | 1to2 | 1.0.0 | | @arcanis/slice-ansi | 1.1.1 | | @aws-crypto/crc32 | 5.2.0 | | @aws-crypto/crc32c | 5.2.0 | | @aws-crypto/sha1-browser | 5.2.0 | | @aws-crypto/sha256-browser | 5.2.0 | | @aws-crypto/sha256-js | 5.2.0 | | @aws-crypto/supports-web-crypto | 5.2.0 | | @aws-crypto/util | 5.2.0 | | @aws-sdk/client-codecommit | 3.1021.0 | | @aws-sdk/client-cognito-identity | 3.1021.0 | | @aws-sdk/client-ec2 | 3.1021.0 | | @aws-sdk/client-ecr | 3.1021.0 | | @aws-sdk/client-eks | 3.1021.0 | | @aws-sdk/client-rds | 3.1021.0 | | @aws-sdk/client-s3 | 3.1021.0 | | @aws-sdk/core | 3.974.1 | | @aws-sdk/crc64-nvme | 3.972.7 | | @aws-sdk/credential-provider-cognito-identity | 3.972.24 | | @aws-sdk/credential-provider-env | 3.972.27 | | @aws-sdk/credential-provider-http | 3.972.29 | | @aws-sdk/credential-provider-ini | 3.972.31 | | @aws-sdk/credential-provider-login | 3.972.31 | | @aws-sdk/credential-provider-node | 3.972.32 | | @aws-sdk/credential-provider-process | 3.972.27 | | @aws-sdk/credential-provider-sso | 3.972.31 | | @aws-sdk/credential-provider-web-identity | 3.972.31 | | @aws-sdk/credential-providers | 3.1021.0 | | @aws-sdk/middleware-bucket-endpoint | 3.972.10 | | @aws-sdk/middleware-expect-continue | 3.972.10 | | @aws-sdk/middleware-flexible-checksums | 3.974.9 | | @aws-sdk/middleware-host-header | 3.972.10 | | @aws-sdk/middleware-location-constraint | 3.972.10 | | @aws-sdk/middleware-logger | 3.972.10 | | @aws-sdk/middleware-recursion-detection | 3.972.11 | | @aws-sdk/middleware-sdk-ec2 | 3.972.20 | | @aws-sdk/middleware-sdk-rds | 3.972.20 | | @aws-sdk/middleware-sdk-s3 | 3.972.30 | | @aws-sdk/middleware-ssec | 3.972.10 | | @aws-sdk/middleware-user-agent | 3.972.31 | | @aws-sdk/nested-clients | 3.996.21 | | @aws-sdk/region-config-resolver | 3.972.12 | | @aws-sdk/signature-v4-multi-region | 3.996.18 | | @aws-sdk/token-providers | 3.1032.0 | | @aws-sdk/types | 3.973.8 | | @aws-sdk/util-arn-parser | 3.972.3 | | @aws-sdk/util-endpoints | 3.996.7 | | @aws-sdk/util-format-url | 3.972.10 | | @aws-sdk/util-locate-window | 3.965.5 | | @aws-sdk/util-user-agent-browser | 3.972.10 | | @aws-sdk/util-user-agent-node | 3.973.17 | | @aws-sdk/xml-builder | 3.972.18 | | @aws/lambda-invoke-store | 0.2.4 | | @babel/code-frame | 7.29.0 | | @babel/helper-validator-identifier | 7.28.5 | | @babel/runtime-corejs3 | 7.29.2 | | @baszalmstra/rattler | 0.2.1 | | @breejs/later | 4.2.0 | | @cdktf/hcl2json | 0.21.0 | | @gar/promise-retry | 1.0.3 | | @gar/promise-retry | 1.0.3 | | @gwhitney/detect-indent | 7.0.1 | | @isaacs/fs-minipass | 4.0.1 | | @isaacs/fs-minipass | 4.0.1 | | @isaacs/string-locale-compare | 1.1.0 | | @keyv/serialize | 1.1.1 | | @kwsites/file-exists | 1.1.1 | | @kwsites/promise-deferred | 1.1.1 | | @nodelib/fs.scandir | 2.1.5 | | @nodelib/fs.stat | 2.0.5 | | @nodelib/fs.walk | 1.2.8 | | @npmcli/agent | 4.0.0 | | @npmcli/agent | 4.0.0 | | @npmcli/arborist | 9.4.2 | | @npmcli/config | 10.8.1 | | @npmcli/fs | 5.0.0 | | @npmcli/fs | 5.0.0 | | @npmcli/git | 7.0.2 | | @npmcli/installed-package-contents | 4.0.0 | | @npmcli/map-workspaces | 5.0.3 | | @npmcli/metavuln-calculator | 9.0.3 | | @npmcli/name-from-folder | 4.0.0 | | @npmcli/node-gyp | 5.0.0 | | @npmcli/package-json | 7.0.5 | | @npmcli/promise-spawn | 9.0.1 | | @npmcli/query | 5.0.0 | | @npmcli/redact | 4.0.0 | | @npmcli/redact | 4.0.0 | | @npmcli/run-script | 10.0.4 | | @one-ini/wasm | 0.2.1 | | @opentelemetry/api | 1.9.1 | | @opentelemetry/api-logs | 0.214.0 | | @opentelemetry/context-async-hooks | 2.6.1 | | @opentelemetry/core | 2.6.1 | | @opentelemetry/exporter-trace-otlp-http | 0.214.0 | | @opentelemetry/instrumentation | 0.214.0 | | @opentelemetry/instrumentation-bunyan | 0.59.0 | | @opentelemetry/instrumentation-http | 0.214.0 | | @opentelemetry/instrumentation-redis | 0.62.0 | | @opentelemetry/otlp-exporter-base | 0.214.0 | | @opentelemetry/otlp-transformer | 0.214.0 | | @opentelemetry/redis-common | 0.38.3 | | @opentelemetry/resource-detector-aws | 2.14.0 | | @opentelemetry/resource-detector-azure | 0.22.0 | | @opentelemetry/resource-detector-gcp | 0.49.0 | | @opentelemetry/resource-detector-github | 0.32.0 | | @opentelemetry/resources | 2.6.1 | | @opentelemetry/sdk-logs | 0.214.0 | | @opentelemetry/sdk-metrics | 2.6.1 | | @opentelemetry/sdk-trace-base | 2.6.1 | | @opentelemetry/sdk-trace-node | 2.6.1 | | @opentelemetry/semantic-conventions | 1.40.0 | | @pnpm/catalogs.protocol-parser | 1001.0.0 | | @pnpm/catalogs.resolver | 1000.0.5 | | @pnpm/catalogs.types | 1000.0.0 | | @pnpm/constants | 1001.3.1 | | @pnpm/constants | 6.1.0 | | @pnpm/error | 1000.1.0 | | @pnpm/error | 4.0.0 | | @pnpm/graceful-fs | 2.0.0 | | @pnpm/parse-overrides | 1001.0.4 | | @pnpm/parse-wanted-dependency | 1001.0.0 | | @pnpm/read-project-manifest | 4.1.1 | | @pnpm/text.comments-parser | 1.0.0 | | @pnpm/types | 8.9.0 | | @pnpm/util.lex-comparator | 1.0.0 | | @pnpm/write-project-manifest | 4.1.1 | | @protobufjs/aspromise | 1.1.2 | | @protobufjs/base64 | 1.1.2 | | @protobufjs/codegen | 2.0.4 | | @protobufjs/eventemitter | 1.1.0 | | @protobufjs/fetch | 1.1.0 | | @protobufjs/float | 1.0.2 | | @protobufjs/inquire | 1.1.0 | | @protobufjs/path | 1.1.2 | | @protobufjs/pool | 1.1.0 | | @protobufjs/utf8 | 1.1.0 | | @qnighy/marshal | 0.1.3 | | @redis/client | 5.11.0 | | @redis/client | 5.11.0 | | @renovatebot/detect-tools | 3.0.0 | | @renovatebot/good-enough-parser | 2.0.0 | | @renovatebot/osv-offline | 2.5.0 | | @renovatebot/osv-offline-db | 2.5.0 | | @renovatebot/pep440 | 4.2.2 | | @renovatebot/pgp | 1.3.6 | | @renovatebot/ruby-semver | 4.1.2 | | @sec-ant/readable-stream | 0.4.1 | | @sigstore/bundle | 4.0.0 | | @sigstore/core | 3.2.0 | | @sigstore/protobuf-specs | 0.5.0 | | @sigstore/sign | 4.1.1 | | @sigstore/tuf | 4.0.2 | | @sigstore/verify | 3.1.0 | | @simple-git/args-pathspec | 1.0.3 | | @simple-git/argv-parser | 1.1.1 | | @sindresorhus/is | 4.6.0 | | @sindresorhus/is | 7.2.0 | | @smithy/chunked-blob-reader | 5.2.2 | | @smithy/chunked-blob-reader-native | 4.2.3 | | @smithy/config-resolver | 4.4.16 | | @smithy/core | 3.23.15 | | @smithy/credential-provider-imds | 4.2.14 | | @smithy/eventstream-codec | 4.2.14 | | @smithy/eventstream-serde-browser | 4.2.14 | | @smithy/eventstream-serde-config-resolver | 4.3.14 | | @smithy/eventstream-serde-node | 4.2.14 | | @smithy/eventstream-serde-universal | 4.2.14 | | @smithy/fetch-http-handler | 5.3.17 | | @smithy/hash-blob-browser | 4.2.15 | | @smithy/hash-node | 4.2.14 | | @smithy/hash-stream-node | 4.2.14 | | @smithy/invalid-dependency | 4.2.14 | | @smithy/is-array-buffer | 2.2.0 | | @smithy/is-array-buffer | 2.2.0 | | @smithy/is-array-buffer | 2.2.0 | | @smithy/is-array-buffer | 4.2.2 | | @smithy/md5-js | 4.2.14 | | @smithy/middleware-content-length | 4.2.14 | | @smithy/middleware-endpoint | 4.4.30 | | @smithy/middleware-retry | 4.5.3 | | @smithy/middleware-serde | 4.2.18 | | @smithy/middleware-stack | 4.2.14 | | @smithy/node-config-provider | 4.3.14 | | @smithy/node-http-handler | 4.5.3 | | @smithy/property-provider | 4.2.14 | | @smithy/protocol-http | 5.3.14 | | @smithy/querystring-builder | 4.2.14 | | @smithy/querystring-parser | 4.2.14 | | @smithy/service-error-classification | 4.2.14 | | @smithy/shared-ini-file-loader | 4.4.9 | | @smithy/signature-v4 | 5.3.14 | | @smithy/smithy-client | 4.12.11 | | @smithy/types | 4.14.1 | | @smithy/url-parser | 4.2.14 | | @smithy/util-base64 | 4.3.2 | | @smithy/util-body-length-browser | 4.2.2 | | @smithy/util-body-length-node | 4.2.3 | | @smithy/util-buffer-from | 2.2.0 | | @smithy/util-buffer-from | 2.2.0 | | @smithy/util-buffer-from | 2.2.0 | | @smithy/util-buffer-from | 4.2.2 | | @smithy/util-config-provider | 4.2.2 | | @smithy/util-defaults-mode-browser | 4.3.47 | | @smithy/util-defaults-mode-node | 4.2.52 | | @smithy/util-endpoints | 3.4.1 | | @smithy/util-hex-encoding | 4.2.2 | | @smithy/util-middleware | 4.2.14 | | @smithy/util-retry | 4.3.2 | | @smithy/util-stream | 4.5.23 | | @smithy/util-uri-escape | 4.2.2 | | @smithy/util-utf8 | 2.3.0 | | @smithy/util-utf8 | 2.3.0 | | @smithy/util-utf8 | 2.3.0 | | @smithy/util-utf8 | 4.2.2 | | @smithy/util-waiter | 4.2.16 | | @smithy/uuid | 1.1.2 | | @szmarczak/http-timer | 4.0.6 | | @thi.ng/api | 7.2.0 | | @thi.ng/arrays | 1.0.3 | | @thi.ng/checks | 2.9.11 | | @thi.ng/compare | 1.3.34 | | @thi.ng/equiv | 1.0.45 | | @thi.ng/errors | 1.3.4 | | @thi.ng/hex | 1.0.4 | | @thi.ng/random | 2.4.8 | | @thi.ng/zipper | 1.0.3 | | @tufjs/canonical-json | 2.0.0 | | @tufjs/models | 4.1.0 | | @types/bunyan | 1.8.11 | | @types/cacheable-request | 6.0.3 | | @types/debug | 4.1.13 | | @types/emscripten | 1.41.5 | | @types/http-cache-semantics | 4.2.0 | | @types/keyv | 3.1.4 | | @types/mdast | 4.0.4 | | @types/moo | 0.5.10 | | @types/ms | 2.1.0 | | @types/node | 25.6.0 | | @types/parse-path | 7.0.3 | | @types/responselike | 1.0.3 | | @types/semver | 7.7.1 | | @types/treeify | 1.0.3 | | @types/unist | 3.0.3 | | @types/yauzl | 2.10.3 | | @yarnpkg/core | 4.6.0 | | @yarnpkg/fslib | 3.1.5 | | @yarnpkg/libzip | 3.2.2 | | @yarnpkg/parsers | 3.0.3 | | @yarnpkg/shell | 4.1.3 | | abbrev | 4.0.0 | | abbrev | 4.0.0 | | acorn | 8.16.0 | | acorn-import-attributes | 1.9.5 | | adm-zip | 0.5.17 | | ae-cvss-calculator | 1.0.12 | | agent-base | 7.1.4 | | agent-base | 7.1.4 | | agentkeepalive | 4.6.0 | | ansi-regex | 5.0.1 | | ansi-styles | 4.3.0 | | aproba | 2.1.0 | | archy | 1.0.0 | | argparse | 1.0.10 | | argparse | 2.0.1 | | argparse | 2.0.1 | | argparse | 2.0.1 | | async-mutex | 0.5.0 | | aws4 | 1.13.2 | | azure-devops-node-api | 15.1.2 | | backslash | 0.2.2 | | bail | 2.0.2 | | balanced-match | 1.0.2 | | balanced-match | 4.0.4 | | balanced-match | 4.0.4 | | base64-js | 1.5.1 | | beep-boop | 1.2.3 | | better-sqlite3 | 12.8.0 | | bignumber.js | 9.3.1 | | bin-links | 6.0.0 | | binary-extensions | 3.1.0 | | bindings | 1.5.0 | | bl | 4.1.0 | | boolbase | 1.0.0 | | boolean | 3.2.0 | | bowser | 2.14.1 | | brace-expansion | 1.1.14 | | brace-expansion | 5.0.4 | | brace-expansion | 5.0.5 | | braces | 3.0.3 | | buffer | 5.7.1 | | buffer-crc32 | 0.2.13 | | buffer-equal-constant-time | 1.0.1 | | buffer-from | 1.1.2 | | builtins | 5.1.0 | | bunyan | 1.8.15 | | byte-counter | 0.1.0 | | cacache | 20.0.4 | | cacache | 20.0.4 | | cacheable-lookup | 5.0.4 | | cacheable-lookup | 7.0.0 | | cacheable-request | 13.0.18 | | cacheable-request | 7.0.4 | | call-bind-apply-helpers | 1.0.2 | | call-bound | 1.0.4 | | camelcase | 5.3.1 | | ccount | 2.0.1 | | chalk | 4.1.2 | | chalk | 5.6.2 | | changelog-filename-regex | 2.0.1 | | character-entities | 2.0.2 | | chownr | 1.1.4 | | chownr | 3.0.0 | | chownr | 3.0.0 | | ci-info | 4.4.0 | | ci-info | 4.4.0 | | cidr-regex | 5.0.3 | | cjs-module-lexer | 2.2.0 | | clean-git-ref | 2.0.1 | | clipanion | 4.0.0-rc.4 | | clone-response | 1.0.3 | | cluster-key-slot | 1.1.2 | | cmd-shim | 8.0.0 | | color-convert | 2.0.1 | | color-name | 1.1.4 | | commander | 14.0.3 | | common-ancestor-path | 2.0.0 | | concat-map | 0.0.1 | | core-js-pure | 3.49.0 | | corepack | 0.34.6 | | croner | 10.0.1 | | cronstrue | 3.14.0 | | cross-spawn | 7.0.6 | | css-select | 5.2.2 | | css-what | 6.2.2 | | cssesc | 3.0.0 | | data-uri-to-buffer | 4.0.1 | | debug | 4.4.3 | | debug | 4.4.3 | | decode-named-character-reference | 1.3.0 | | decompress-response | 10.0.0 | | decompress-response | 6.0.0 | | decompress-response | 6.0.0 | | deep-extend | 0.6.0 | | deepmerge | 4.3.1 | | defer-to-connect | 2.0.1 | | define-data-property | 1.1.4 | | define-properties | 1.2.1 | | dequal | 2.0.3 | | des.js | 1.1.0 | | detect-indent | 7.0.2 | | detect-libc | 2.1.2 | | detect-node | 2.1.0 | | devlop | 1.1.0 | | diff | 5.2.2 | | diff | 8.0.3 | | diff | 8.0.4 | | dom-serializer | 2.0.0 | | domelementtype | 2.3.0 | | domhandler | 5.0.3 | | domutils | 3.2.2 | | dotenv | 16.6.1 | | dtrace-provider | 0.8.8 | | dunder-proto | 1.0.1 | | ecdsa-sig-formatter | 1.0.11 | | editorconfig | 3.0.2 | | email-addresses | 5.0.0 | | emoji-regex | 10.6.0 | | emojibase | 17.0.0 | | emojibase-regex | 17.0.0 | | end-of-stream | 1.4.5 | | entities | 4.5.0 | | env-paths | 2.2.1 | | env-paths | 2.2.1 | | error-ex | 1.3.4 | | es-define-property | 1.0.1 | | es-errors | 1.3.0 | | es-object-atoms | 1.1.1 | | es-toolkit | 1.45.1 | | es6-error | 4.1.1 | | escape-string-regexp | 4.0.0 | | escape-string-regexp | 5.0.0 | | eslint-visitor-keys | 3.4.3 | | eslint-visitor-keys | 5.0.1 | | esprima | 4.0.1 | | eventemitter3 | 5.0.4 | | execa | 8.0.1 | | expand-template | 2.0.3 | | exponential-backoff | 3.1.3 | | exponential-backoff | 3.1.3 | | extend | 3.0.2 | | extract-zip | 2.0.1 | | fast-deep-equal | 3.1.3 | | fast-glob | 3.3.3 | | fast-xml-builder | 1.1.5 | | fast-xml-parser | 5.5.8 | | fastest-levenshtein | 1.0.16 | | fastq | 1.20.1 | | fd-slicer | 1.1.0 | | fdir | 6.5.0 | | fdir | 6.5.0 | | fetch-blob | 3.2.0 | | file-uri-to-path | 1.0.0 | | fill-range | 7.1.1 | | find-packages | 10.0.4 | | find-up | 8.0.0 | | form-data-encoder | 4.1.0 | | formdata-polyfill | 4.0.10 | | forwarded-parse | 2.1.2 | | fs-constants | 1.0.0 | | fs-extra | 11.3.0 | | fs-extra | 11.3.4 | | fs-minipass | 3.0.3 | | fs-minipass | 3.0.3 | | function-bind | 1.1.2 | | gaxios | 7.1.4 | | gcp-metadata | 8.1.2 | | get-intrinsic | 1.3.0 | | get-proto | 1.0.1 | | get-stream | 5.2.0 | | get-stream | 5.2.0 | | get-stream | 8.0.1 | | get-stream | 9.0.1 | | git-up | 8.1.1 | | git-url-parse | 16.1.0 | | github-from-package | 0.0.0 | | github-url-from-git | 1.5.0 | | glob | 13.0.6 | | glob | 13.0.6 | | glob | 6.0.4 | | glob-parent | 5.1.2 | | global-agent | 3.0.0 | | globalthis | 1.0.4 | | google-auth-library | 10.6.2 | | google-logging-utils | 1.1.3 | | gopd | 1.2.0 | | got | 11.8.6 | | got | 14.6.6 | | graceful-fs | 4.2.11 | | graceful-fs | 4.2.11 | | graph-data-structure | 4.5.0 | | grapheme-splitter | 1.0.4 | | handlebars | 4.7.9 | | has-flag | 4.0.0 | | has-property-descriptors | 1.0.2 | | has-symbols | 1.1.0 | | hasown | 2.0.2 | | he | 1.2.0 | | hosted-git-info | 9.0.2 | | hpagent | 1.2.0 | | http-cache-semantics | 4.2.0 | | http-cache-semantics | 4.2.0 | | http-proxy-agent | 7.0.2 | | http-proxy-agent | 7.0.2 | | http2-wrapper | 1.0.3 | | http2-wrapper | 2.2.1 | | https-proxy-agent | 7.0.6 | | https-proxy-agent | 7.0.6 | | human-signals | 5.0.0 | | humanize-ms | 1.2.1 | | iconv-lite | 0.7.2 | | iconv-lite | 0.7.2 | | ieee754 | 1.2.1 | | ignore | 7.0.5 | | ignore-walk | 8.0.0 | | import-in-the-middle | 3.0.1 | | imurmurhash | 0.1.4 | | inflight | 1.0.6 | | inherits | 2.0.4 | | ini | 1.3.8 | | ini | 6.0.0 | | ini | 6.0.0 | | init-package-json | 8.2.5 | | install-artifact-from-github | 1.4.0 | | ip-address | 10.1.0 | | ip-address | 10.1.0 | | is-arrayish | 0.2.1 | | is-cidr | 6.0.3 | | is-extglob | 2.1.1 | | is-glob | 4.0.3 | | is-number | 7.0.0 | | is-plain-obj | 2.1.0 | | is-plain-obj | 4.1.0 | | is-ssh | 1.4.1 | | is-stream | 3.0.0 | | is-stream | 4.0.1 | | is-typedarray | 1.0.0 | | is-windows | 1.0.2 | | isexe | 2.0.0 | | isexe | 4.0.0 | | isexe | 4.0.0 | | js-md4 | 0.3.2 | | js-tokens | 4.0.0 | | js-yaml | 3.14.2 | | js-yaml | 4.1.1 | | js-yaml | 4.1.1 | | json-bigint | 1.0.0 | | json-buffer | 3.0.1 | | json-dup-key-validator | 1.0.3 | | json-parse-even-better-errors | 2.3.1 | | json-parse-even-better-errors | 5.0.0 | | json-stringify-nice | 1.1.4 | | json-stringify-pretty-compact | 4.0.0 | | json-stringify-safe | 5.0.1 | | json5 | 2.2.3 | | jsonata | 2.1.0 | | jsonc-morph | 0.3.3 | | jsonc-weaver | 0.2.4 | | jsonfile | 6.2.0 | | jsonparse | 1.3.1 | | just-diff | 6.0.2 | | just-diff-apply | 5.5.0 | | jwa | 2.0.1 | | jws | 4.0.1 | | keyv | 4.5.4 | | keyv | 5.6.0 | | klona | 2.0.6 | | libnpmaccess | 10.0.3 | | libnpmdiff | 8.1.5 | | libnpmexec | 10.2.5 | | libnpmfund | 7.0.19 | | libnpmorg | 8.0.1 | | libnpmpack | 9.1.5 | | libnpmpublish | 11.1.3 | | libnpmsearch | 9.0.1 | | libnpmteam | 8.0.2 | | libnpmversion | 8.0.3 | | lines-and-columns | 1.2.4 | | linkify-it | 5.0.0 | | locate-path | 8.0.0 | | long | 5.3.2 | | longest-streak | 3.1.0 | | lowercase-keys | 2.0.0 | | lowercase-keys | 3.0.0 | | lru-cache | 11.2.7 | | lru-cache | 11.3.5 | | luxon | 3.7.2 | | make-fetch-happen | 15.0.5 | | make-fetch-happen | 15.0.5 | | markdown-it | 14.1.1 | | markdown-table | 3.0.4 | | matcher | 3.0.0 | | math-intrinsics | 1.1.0 | | mdast-util-find-and-replace | 3.0.2 | | mdast-util-from-markdown | 2.0.3 | | mdast-util-gfm | 3.1.0 | | mdast-util-gfm-autolink-literal | 2.0.1 | | mdast-util-gfm-footnote | 2.1.0 | | mdast-util-gfm-strikethrough | 2.0.0 | | mdast-util-gfm-table | 2.0.0 | | mdast-util-gfm-task-list-item | 2.0.0 | | mdast-util-phrasing | 4.1.0 | | mdast-util-to-markdown | 2.1.2 | | mdast-util-to-string | 4.0.0 | | mdurl | 2.0.0 | | merge-stream | 2.0.0 | | merge2 | 1.4.1 | | micromark | 4.0.2 | | micromark-core-commonmark | 2.0.3 | | micromark-extension-gfm | 3.0.0 | | micromark-extension-gfm-autolink-literal | 2.1.0 | | micromark-extension-gfm-footnote | 2.1.0 | | micromark-extension-gfm-strikethrough | 2.1.0 | | micromark-extension-gfm-table | 2.1.1 | | micromark-extension-gfm-tagfilter | 2.0.0 | | micromark-extension-gfm-task-list-item | 2.1.0 | | micromark-factory-destination | 2.0.1 | | micromark-factory-label | 2.0.1 | | micromark-factory-space | 2.0.1 | | micromark-factory-title | 2.0.1 | | micromark-factory-whitespace | 2.0.1 | | micromark-util-character | 2.1.1 | | micromark-util-chunked | 2.0.1 | | micromark-util-classify-character | 2.0.1 | | micromark-util-combine-extensions | 2.0.1 | | micromark-util-decode-numeric-character-reference | 2.0.2 | | micromark-util-decode-string | 2.0.1 | | micromark-util-encode | 2.0.1 | | micromark-util-html-tag-name | 2.0.1 | | micromark-util-normalize-identifier | 2.0.1 | | micromark-util-resolve-all | 2.0.1 | | micromark-util-sanitize-uri | 2.0.1 | | micromark-util-subtokenize | 2.1.0 | | micromark-util-symbol | 2.0.1 | | micromark-util-types | 2.0.2 | | micromatch | 4.0.8 | | mimic-fn | 4.0.0 | | mimic-response | 1.0.1 | | mimic-response | 3.1.0 | | mimic-response | 3.1.0 | | mimic-response | 4.0.0 | | minimalistic-assert | 1.0.1 | | minimatch | 10.2.4 | | minimatch | 10.2.5 | | minimatch | 3.1.5 | | minimist | 1.2.8 | | minipass | 3.3.6 | | minipass | 3.3.6 | | minipass | 3.3.6 | | minipass | 3.3.6 | | minipass | 7.1.3 | | minipass | 7.1.3 | | minipass-collect | 2.0.1 | | minipass-collect | 2.0.1 | | minipass-fetch | 5.0.2 | | minipass-fetch | 5.0.2 | | minipass-flush | 1.0.5 | | minipass-flush | 1.0.7 | | minipass-pipeline | 1.2.4 | | minipass-pipeline | 1.2.4 | | minipass-sized | 2.0.0 | | minipass-sized | 2.0.0 | | minizlib | 3.1.0 | | minizlib | 3.1.0 | | mkdirp | 0.5.6 | | mkdirp-classic | 0.5.3 | | module-details-from-path | 1.0.4 | | moment | 2.30.1 | | moo | 0.5.3 | | ms | 2.1.3 | | ms | 2.1.3 | | mute-stream | 3.0.0 | | mv | 2.1.1 | | nan | 2.26.2 | | napi-build-utils | 2.0.0 | | ncp | 2.0.0 | | negotiator | 1.0.0 | | negotiator | 1.0.0 | | neo-async | 2.6.2 | | neotraverse | 0.6.18 | | node-abi | 3.89.0 | | node-domexception | 1.0.0 | | node-fetch | 3.3.2 | | node-gyp | 12.2.0 | | node-gyp | 12.2.0 | | node-html-parser | 7.1.0 | | nopt | 9.0.0 | | nopt | 9.0.0 | | normalize-url | 6.1.0 | | normalize-url | 8.1.1 | | npm | 11.12.1 | | npm-audit-report | 7.0.0 | | npm-bundled | 5.0.0 | | npm-install-checks | 8.0.0 | | npm-normalize-package-bin | 5.0.0 | | npm-package-arg | 13.0.2 | | npm-packlist | 10.0.4 | | npm-pick-manifest | 11.0.3 | | npm-profile | 12.0.1 | | npm-registry-fetch | 19.1.1 | | npm-run-path | 5.3.0 | | npm-user-validate | 4.0.0 | | nth-check | 2.1.1 | | object-inspect | 1.13.4 | | object-keys | 1.1.1 | | once | 1.4.0 | | onetime | 6.0.0 | | openpgp | 6.3.0 | | p-all | 5.0.1 | | p-cancelable | 2.1.1 | | p-cancelable | 4.0.1 | | p-filter | 2.1.0 | | p-limit | 2.3.0 | | p-limit | 4.0.0 | | p-locate | 6.0.0 | | p-map | 2.1.0 | | p-map | 6.0.0 | | p-map | 7.0.4 | | p-map | 7.0.4 | | p-queue | 9.1.2 | | p-throttle | 8.1.0 | | p-timeout | 7.0.1 | | p-try | 2.2.0 | | pacote | 21.5.0 | | parse-conflict-json | 5.0.1 | | parse-json | 5.2.0 | | parse-link-header | 2.0.0 | | parse-path | 7.1.0 | | parse-url | 9.2.0 | | path-expression-matcher | 1.5.0 | | path-is-absolute | 1.0.1 | | path-key | 3.1.1 | | path-key | 4.0.0 | | path-scurry | 2.0.2 | | path-scurry | 2.0.2 | | pend | 1.2.0 | | picocolors | 1.1.1 | | picomatch | 2.3.2 | | picomatch | 4.0.3 | | picomatch | 4.0.4 | | postcss-selector-parser | 7.1.1 | | prebuild-install | 7.1.3 | | prettier | 3.8.1 | | proc-log | 6.1.0 | | proc-log | 6.1.0 | | proggy | 4.0.0 | | promise-all-reject-late | 1.0.1 | | promise-call-limit | 3.0.2 | | promzard | 3.0.1 | | protobufjs | 7.5.5 | | protobufjs | 8.0.1 | | protocols | 2.0.2 | | pump | 3.0.4 | | punycode | 2.3.1 | | punycode.js | 2.3.1 | | qrcode-terminal | 0.12.0 | | qs | 6.15.1 | | queue-microtask | 1.2.3 | | quick-lru | 5.1.1 | | rc | 1.2.8 | | re2 | 1.24.0 | | read | 5.0.1 | | read-cmd-shim | 6.0.0 | | read-yaml-file | 2.1.0 | | readable-stream | 3.6.2 | | remark | 15.0.1 | | remark-gfm | 4.0.1 | | remark-github | 12.0.0 | | remark-parse | 11.0.0 | | remark-stringify | 11.0.0 | | renovate | 43.129.0 | | require-in-the-middle | 8.0.1 | | resolve-alpn | 1.2.1 | | responselike | 2.0.1 | | responselike | 4.0.2 | | reusify | 1.1.0 | | rimraf | 2.4.5 | | roarr | 2.15.4 | | run-parallel | 1.2.0 | | safe-buffer | 5.2.1 | | safe-json-stringify | 1.2.0 | | safe-stable-stringify | 2.5.0 | | safer-buffer | 2.1.2 | | safer-buffer | 2.1.2 | | sax | 1.6.0 | | semver | 6.3.1 | | semver | 7.7.4 | | semver | 7.7.4 | | semver-compare | 1.0.0 | | semver-stable | 3.0.0 | | semver-utils | 1.1.4 | | serialize-error | 7.0.1 | | shebang-command | 2.0.0 | | shebang-regex | 3.0.0 | | shlex | 3.0.0 | | side-channel | 1.1.0 | | side-channel-list | 1.0.1 | | side-channel-map | 1.0.1 | | side-channel-weakmap | 1.0.2 | | signal-exit | 3.0.7 | | signal-exit | 4.1.0 | | signal-exit | 4.1.0 | | sigstore | 4.1.0 | | simple-concat | 1.0.1 | | simple-get | 4.0.1 | | simple-git | 3.35.2 | | slugify | 1.6.9 | | smart-buffer | 4.2.0 | | smart-buffer | 4.2.0 | | socks | 2.8.7 | | socks | 2.8.7 | | socks-proxy-agent | 8.0.5 | | socks-proxy-agent | 8.0.5 | | sort-keys | 4.2.0 | | source-map | 0.6.1 | | source-map-support | 0.5.21 | | spdx-exceptions | 2.5.0 | | spdx-expression-parse | 4.0.0 | | spdx-license-ids | 3.0.23 | | sprintf-js | 1.0.3 | | sprintf-js | 1.1.3 | | ssri | 13.0.1 | | ssri | 13.0.1 | | string_decoder | 1.3.0 | | strip-ansi | 6.0.1 | | strip-bom | 4.0.0 | | strip-comments-strings | 1.2.0 | | strip-final-newline | 3.0.0 | | strip-json-comments | 2.0.1 | | strip-json-comments | 5.0.3 | | strnum | 2.2.3 | | supports-color | 10.2.2 | | supports-color | 7.2.0 | | tar | 7.5.11 | | tar | 7.5.13 | | tar-fs | 2.1.4 | | tar-stream | 2.2.0 | | text-table | 0.2.0 | | tiny-relative-date | 2.0.2 | | tinyglobby | 0.2.15 | | tinyglobby | 0.2.16 | | tinylogic | 2.0.0 | | to-regex-range | 5.0.1 | | to-vfile | 8.0.0 | | toml-eslint-parser | 0.12.0 | | toml-eslint-parser | 1.0.3 | | treeify | 1.1.0 | | treeverse | 3.0.0 | | trough | 2.2.0 | | tslib | 2.8.1 | | tuf-js | 4.1.0 | | tunnel | 0.0.6 | | tunnel-agent | 0.6.0 | | typanion | 3.14.0 | | type-fest | 0.13.1 | | type-fest | 4.41.0 | | typed-rest-client | 2.1.0 | | typedarray-to-buffer | 3.1.5 | | uc.micro | 2.1.0 | | uglify-js | 3.19.3 | | underscore | 1.13.8 | | undici-types | 7.19.2 | | unicorn-magic | 0.3.0 | | unified | 11.0.5 | | unist-util-is | 6.0.1 | | unist-util-stringify-position | 4.0.0 | | unist-util-visit | 5.1.0 | | unist-util-visit-parents | 6.0.2 | | universalify | 2.0.1 | | upath | 2.0.1 | | url-join | 5.0.0 | | util-deprecate | 1.0.2 | | util-deprecate | 1.0.2 | | validate-npm-package-name | 5.0.0 | | validate-npm-package-name | 7.0.2 | | validate-npm-package-name | 7.0.2 | | vfile | 6.0.3 | | vfile-message | 4.0.3 | | walk-up-path | 4.0.0 | | web-streams-polyfill | 3.3.3 | | which | 2.0.2 | | which | 6.0.1 | | which | 6.0.1 | | wordwrap | 1.0.0 | | wrappy | 1.0.2 | | write-file-atomic | 3.0.3 | | write-file-atomic | 5.0.1 | | write-file-atomic | 7.0.1 | | write-yaml-file | 4.2.0 | | xmldoc | 2.0.3 | | xtend | 4.0.2 | | yallist | 4.0.0 | | yallist | 4.0.0 | | yallist | 4.0.0 | | yallist | 4.0.0 | | yallist | 5.0.0 | | yallist | 5.0.0 | | yaml | 2.8.3 | | yarn | 1.22.22 | | yauzl | 2.10.0 | | yocto-queue | 1.2.2 | | zod | 4.3.6 | | zwitch | 2.0.4 | **code.thinkaboutit.tech/pandora/renovate.woodpecker:latest (debian 12.13)**: | Name | Version | | ---- | ------- | | adduser | 3.134 | | apt | 2.6.1 | | base-files | 12.4+deb12u13 | | base-passwd | 3.6.1 | | bash | 5.2.15 | | bsdutils | 2.38.1 | | ca-certificates | 20230311+deb12u1 | | coreutils | 9.1 | | dash | 0.5.12 | | debconf | 1.5.82 | | debian-archive-keyring | 2023.3+deb12u2 | | debianutils | 5.7 | | diffutils | 3.8 | | dpkg | 1.21.22 | | e2fsprogs | 1.47.0 | | findutils | 4.9.0 | | gcc-12-base | 12.2.0 | | git | 2.39.5 | | git-man | 2.39.5 | | gpgv | 2.2.40 | | grep | 3.8 | | gzip | 1.12 | | hostname | 3.23+nmu1 | | init-system-helpers | 1.65.2+deb12u1 | | libacl1 | 2.3.1 | | libapt-pkg6.0 | 2.6.1 | | libattr1 | 2.5.1 | | libaudit-common | 3.0.9 | | libaudit1 | 3.0.9 | | libblkid1 | 2.38.1 | | libbrotli1 | 1.0.9 | | libbz2-1.0 | 1.0.8 | | libc-bin | 2.36 | | libc6 | 2.36 | | libcap-ng0 | 0.8.3 | | libcap2 | 2.66 | | libcom-err2 | 1.47.0 | | libcrypt1 | 4.4.33 | | libcurl3-gnutls | 7.88.1 | | libdb5.3 | 5.3.28+dfsg2 | | libdebconfclient0 | 0.270 | | liberror-perl | 0.17029 | | libexpat1 | 2.5.0 | | libext2fs2 | 1.47.0 | | libffi8 | 3.4.4 | | libgcc-s1 | 12.2.0 | | libgcrypt20 | 1.10.1 | | libgdbm-compat4 | 1.23 | | libgdbm6 | 1.23 | | libgmp10 | 6.2.1+dfsg1 | | libgnutls30 | 3.7.9 | | libgpg-error0 | 1.46 | | libgssapi-krb5-2 | 1.20.1 | | libhogweed6 | 3.8.1 | | libidn2-0 | 2.3.3 | | libk5crypto3 | 1.20.1 | | libkeyutils1 | 1.6.3 | | libkrb5-3 | 1.20.1 | | libkrb5support0 | 1.20.1 | | libldap-2.5-0 | 2.5.13+dfsg | | liblz4-1 | 1.9.4 | | liblzma5 | 5.4.1 | | libmd0 | 1.0.4 | | libmount1 | 2.38.1 | | libnettle8 | 3.8.1 | | libnghttp2-14 | 1.52.0 | | libp11-kit0 | 0.24.1 | | libpam-modules | 1.5.2 | | libpam-modules-bin | 1.5.2 | | libpam-runtime | 1.5.2 | | libpam0g | 1.5.2 | | libpcre2-8-0 | 10.42 | | libperl5.36 | 5.36.0 | | libpsl5 | 0.21.2 | | librtmp1 | 2.4+20151223.gitfa8646d.1 | | libsasl2-2 | 2.1.28+dfsg | | libsasl2-modules-db | 2.1.28+dfsg | | libseccomp2 | 2.5.4 | | libselinux1 | 3.4 | | libsemanage-common | 3.4 | | libsemanage2 | 3.4 | | libsepol2 | 3.4 | | libsmartcols1 | 2.38.1 | | libss2 | 1.47.0 | | libssh2-1 | 1.10.0 | | libssl3 | 3.0.19 | | libstdc++6 | 12.2.0 | | libsystemd0 | 252.39 | | libtasn1-6 | 4.19.0 | | libtinfo6 | 6.4 | | libudev1 | 252.39 | | libunistring2 | 1.0 | | libuuid1 | 2.38.1 | | libxxhash0 | 0.8.1 | | libzstd1 | 1.5.4+dfsg2 | | login | 4.13+dfsg1 | | logsave | 1.47.0 | | mawk | 1.3.4.20200120 | | mount | 2.38.1 | | ncurses-base | 6.4 | | ncurses-bin | 6.4 | | openssl | 3.0.19 | | passwd | 4.13+dfsg1 | | perl | 5.36.0 | | perl-base | 5.36.0 | | perl-modules-5.36 | 5.36.0 | | sed | 4.9 | | sysvinit-utils | 3.06 | | tar | 1.34+dfsg | | tzdata | 2025b | | usr-is-merged | 37~deb12u1 | | util-linux | 2.38.1 | | util-linux-extra | 2.38.1 | | zlib1g | 1.2.13.dfsg | </details> <details><summary>Vulnerabilities</summary> **Node.js**: | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | brace-expansion | MEDIUM | 5.0.4 | 5.0.5, 3.0.2, 2.0.3, 1.1.13 | fixed | [CVE-2026-33750](https://avd.aquasec.com/nvd/cve-2026-33750) | | picomatch | HIGH | 4.0.3 | 4.0.4, 3.0.2, 2.3.2 | fixed | [CVE-2026-33671](https://avd.aquasec.com/nvd/cve-2026-33671) | | picomatch | MEDIUM | 4.0.3 | 4.0.4, 3.0.2, 2.3.2 | fixed | [CVE-2026-33672](https://avd.aquasec.com/nvd/cve-2026-33672) | **code.thinkaboutit.tech/pandora/renovate.woodpecker:latest (debian 12.13)**: | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | apt | LOW | 2.6.1 | | affected | [CVE-2011-3374](https://avd.aquasec.com/nvd/cve-2011-3374) | | bash | LOW | 5.2.15-2+b10 | | affected | [TEMP-0841856-B18BAF](https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF) | | bsdutils | MEDIUM | 1:2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | bsdutils | LOW | 1:2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | bsdutils | LOW | 1:2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | bsdutils | LOW | 1:2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | coreutils | LOW | 9.1-1 | | will_not_fix | [CVE-2016-2781](https://avd.aquasec.com/nvd/cve-2016-2781) | | coreutils | LOW | 9.1-1 | | affected | [CVE-2017-18018](https://avd.aquasec.com/nvd/cve-2017-18018) | | coreutils | LOW | 9.1-1 | | affected | [CVE-2025-5278](https://avd.aquasec.com/nvd/cve-2025-5278) | | dpkg | LOW | 1.21.22 | | affected | [CVE-2025-6297](https://avd.aquasec.com/nvd/cve-2025-6297) | | dpkg | UNKNOWN | 1.21.22 | | affected | [CVE-2026-2219](https://avd.aquasec.com/nvd/cve-2026-2219) | | gcc-12-base | LOW | 12.2.0-14+deb12u1 | | affected | [CVE-2022-27943](https://avd.aquasec.com/nvd/cve-2022-27943) | | git | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2018-1000021](https://avd.aquasec.com/nvd/cve-2018-1000021) | | git | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2022-24975](https://avd.aquasec.com/nvd/cve-2022-24975) | | git | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2024-52005](https://avd.aquasec.com/nvd/cve-2024-52005) | | git-man | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2018-1000021](https://avd.aquasec.com/nvd/cve-2018-1000021) | | git-man | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2022-24975](https://avd.aquasec.com/nvd/cve-2022-24975) | | git-man | LOW | 1:2.39.5-0+deb12u3 | | affected | [CVE-2024-52005](https://avd.aquasec.com/nvd/cve-2024-52005) | | gpgv | MEDIUM | 2.2.40-1.1+deb12u2 | | affected | [CVE-2025-30258](https://avd.aquasec.com/nvd/cve-2025-30258) | | gpgv | MEDIUM | 2.2.40-1.1+deb12u2 | | affected | [CVE-2025-68972](https://avd.aquasec.com/nvd/cve-2025-68972) | | gpgv | LOW | 2.2.40-1.1+deb12u2 | | affected | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | | libapt-pkg6.0 | LOW | 2.6.1 | | affected | [CVE-2011-3374](https://avd.aquasec.com/nvd/cve-2011-3374) | | libblkid1 | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | libblkid1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | libblkid1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | libblkid1 | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | libc-bin | HIGH | 2.36-9+deb12u13 | | affected | [CVE-2026-0861](https://avd.aquasec.com/nvd/cve-2026-0861) | | libc-bin | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2025-15281](https://avd.aquasec.com/nvd/cve-2025-15281) | | libc-bin | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-0915](https://avd.aquasec.com/nvd/cve-2026-0915) | | libc-bin | MEDIUM | 2.36-9+deb12u13 | | fix_deferred | [CVE-2026-4046](https://avd.aquasec.com/nvd/cve-2026-4046) | | libc-bin | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-4437](https://avd.aquasec.com/nvd/cve-2026-4437) | | libc-bin | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-4438](https://avd.aquasec.com/nvd/cve-2026-4438) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2010-4756](https://avd.aquasec.com/nvd/cve-2010-4756) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2018-20796](https://avd.aquasec.com/nvd/cve-2018-20796) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010022](https://avd.aquasec.com/nvd/cve-2019-1010022) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010023](https://avd.aquasec.com/nvd/cve-2019-1010023) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010024](https://avd.aquasec.com/nvd/cve-2019-1010024) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010025](https://avd.aquasec.com/nvd/cve-2019-1010025) | | libc-bin | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-9192](https://avd.aquasec.com/nvd/cve-2019-9192) | | libc6 | HIGH | 2.36-9+deb12u13 | | affected | [CVE-2026-0861](https://avd.aquasec.com/nvd/cve-2026-0861) | | libc6 | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2025-15281](https://avd.aquasec.com/nvd/cve-2025-15281) | | libc6 | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-0915](https://avd.aquasec.com/nvd/cve-2026-0915) | | libc6 | MEDIUM | 2.36-9+deb12u13 | | fix_deferred | [CVE-2026-4046](https://avd.aquasec.com/nvd/cve-2026-4046) | | libc6 | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-4437](https://avd.aquasec.com/nvd/cve-2026-4437) | | libc6 | MEDIUM | 2.36-9+deb12u13 | | affected | [CVE-2026-4438](https://avd.aquasec.com/nvd/cve-2026-4438) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2010-4756](https://avd.aquasec.com/nvd/cve-2010-4756) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2018-20796](https://avd.aquasec.com/nvd/cve-2018-20796) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010022](https://avd.aquasec.com/nvd/cve-2019-1010022) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010023](https://avd.aquasec.com/nvd/cve-2019-1010023) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010024](https://avd.aquasec.com/nvd/cve-2019-1010024) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-1010025](https://avd.aquasec.com/nvd/cve-2019-1010025) | | libc6 | LOW | 2.36-9+deb12u13 | | affected | [CVE-2019-9192](https://avd.aquasec.com/nvd/cve-2019-9192) | | libcap2 | MEDIUM | 1:2.66-4+deb12u2+b2 | | affected | [CVE-2026-4878](https://avd.aquasec.com/nvd/cve-2026-4878) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | will_not_fix | [CVE-2025-10148](https://avd.aquasec.com/nvd/cve-2025-10148) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | affected | [CVE-2025-14524](https://avd.aquasec.com/nvd/cve-2025-14524) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | affected | [CVE-2025-14819](https://avd.aquasec.com/nvd/cve-2025-14819) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | affected | [CVE-2026-1965](https://avd.aquasec.com/nvd/cve-2026-1965) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | affected | [CVE-2026-3783](https://avd.aquasec.com/nvd/cve-2026-3783) | | libcurl3-gnutls | MEDIUM | 7.88.1-10+deb12u14 | | affected | [CVE-2026-3784](https://avd.aquasec.com/nvd/cve-2026-3784) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2024-2379](https://avd.aquasec.com/nvd/cve-2024-2379) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2025-0725](https://avd.aquasec.com/nvd/cve-2025-0725) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2025-10966](https://avd.aquasec.com/nvd/cve-2025-10966) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2025-14017](https://avd.aquasec.com/nvd/cve-2025-14017) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2025-15079](https://avd.aquasec.com/nvd/cve-2025-15079) | | libcurl3-gnutls | LOW | 7.88.1-10+deb12u14 | | affected | [CVE-2025-15224](https://avd.aquasec.com/nvd/cve-2025-15224) | | libexpat1 | HIGH | 2.5.0-1+deb12u2 | | affected | [CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210) | | libexpat1 | MEDIUM | 2.5.0-1+deb12u2 | | will_not_fix | [CVE-2025-59375](https://avd.aquasec.com/nvd/cve-2025-59375) | | libexpat1 | MEDIUM | 2.5.0-1+deb12u2 | | fix_deferred | [CVE-2025-66382](https://avd.aquasec.com/nvd/cve-2025-66382) | | libexpat1 | MEDIUM | 2.5.0-1+deb12u2 | | affected | [CVE-2026-32776](https://avd.aquasec.com/nvd/cve-2026-32776) | | libexpat1 | MEDIUM | 2.5.0-1+deb12u2 | | affected | [CVE-2026-32777](https://avd.aquasec.com/nvd/cve-2026-32777) | | libexpat1 | MEDIUM | 2.5.0-1+deb12u2 | | affected | [CVE-2026-32778](https://avd.aquasec.com/nvd/cve-2026-32778) | | libexpat1 | LOW | 2.5.0-1+deb12u2 | | affected | [CVE-2023-52426](https://avd.aquasec.com/nvd/cve-2023-52426) | | libexpat1 | LOW | 2.5.0-1+deb12u2 | | affected | [CVE-2024-28757](https://avd.aquasec.com/nvd/cve-2024-28757) | | libexpat1 | LOW | 2.5.0-1+deb12u2 | | affected | [CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515) | | libgcc-s1 | LOW | 12.2.0-14+deb12u1 | | affected | [CVE-2022-27943](https://avd.aquasec.com/nvd/cve-2022-27943) | | libgcrypt20 | LOW | 1.10.1-3 | | affected | [CVE-2018-6829](https://avd.aquasec.com/nvd/cve-2018-6829) | | libgcrypt20 | LOW | 1.10.1-3 | | affected | [CVE-2024-2236](https://avd.aquasec.com/nvd/cve-2024-2236) | | libgnutls30 | LOW | 3.7.9-2+deb12u6 | | affected | [CVE-2011-3389](https://avd.aquasec.com/nvd/cve-2011-3389) | | libgssapi-krb5-2 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2018-5709](https://avd.aquasec.com/nvd/cve-2018-5709) | | libgssapi-krb5-2 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26458](https://avd.aquasec.com/nvd/cve-2024-26458) | | libgssapi-krb5-2 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26461](https://avd.aquasec.com/nvd/cve-2024-26461) | | libk5crypto3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2018-5709](https://avd.aquasec.com/nvd/cve-2018-5709) | | libk5crypto3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26458](https://avd.aquasec.com/nvd/cve-2024-26458) | | libk5crypto3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26461](https://avd.aquasec.com/nvd/cve-2024-26461) | | libkrb5-3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2018-5709](https://avd.aquasec.com/nvd/cve-2018-5709) | | libkrb5-3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26458](https://avd.aquasec.com/nvd/cve-2024-26458) | | libkrb5-3 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26461](https://avd.aquasec.com/nvd/cve-2024-26461) | | libkrb5support0 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2018-5709](https://avd.aquasec.com/nvd/cve-2018-5709) | | libkrb5support0 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26458](https://avd.aquasec.com/nvd/cve-2024-26458) | | libkrb5support0 | LOW | 1.20.1-2+deb12u4 | | affected | [CVE-2024-26461](https://avd.aquasec.com/nvd/cve-2024-26461) | | libldap-2.5-0 | HIGH | 2.5.13+dfsg-5 | | affected | [CVE-2023-2953](https://avd.aquasec.com/nvd/cve-2023-2953) | | libldap-2.5-0 | LOW | 2.5.13+dfsg-5 | | affected | [CVE-2015-3276](https://avd.aquasec.com/nvd/cve-2015-3276) | | libldap-2.5-0 | LOW | 2.5.13+dfsg-5 | | affected | [CVE-2017-14159](https://avd.aquasec.com/nvd/cve-2017-14159) | | libldap-2.5-0 | LOW | 2.5.13+dfsg-5 | | affected | [CVE-2017-17740](https://avd.aquasec.com/nvd/cve-2017-17740) | | libldap-2.5-0 | LOW | 2.5.13+dfsg-5 | | affected | [CVE-2020-15719](https://avd.aquasec.com/nvd/cve-2020-15719) | | libldap-2.5-0 | LOW | 2.5.13+dfsg-5 | | affected | [CVE-2026-22185](https://avd.aquasec.com/nvd/cve-2026-22185) | | liblzma5 | MEDIUM | 5.4.1-1 | | affected | [CVE-2026-34743](https://avd.aquasec.com/nvd/cve-2026-34743) | | libmount1 | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | libmount1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | libmount1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | libmount1 | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | libnghttp2-14 | HIGH | 1.52.0-1+deb12u2 | | affected | [CVE-2026-27135](https://avd.aquasec.com/nvd/cve-2026-27135) | | libpam-modules | MEDIUM | 1.5.2-6+deb12u2 | | will_not_fix | [CVE-2024-10041](https://avd.aquasec.com/nvd/cve-2024-10041) | | libpam-modules-bin | MEDIUM | 1.5.2-6+deb12u2 | | will_not_fix | [CVE-2024-10041](https://avd.aquasec.com/nvd/cve-2024-10041) | | libpam-runtime | MEDIUM | 1.5.2-6+deb12u2 | | will_not_fix | [CVE-2024-10041](https://avd.aquasec.com/nvd/cve-2024-10041) | | libpam0g | MEDIUM | 1.5.2-6+deb12u2 | | will_not_fix | [CVE-2024-10041](https://avd.aquasec.com/nvd/cve-2024-10041) | | libperl5.36 | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2011-4116](https://avd.aquasec.com/nvd/cve-2011-4116) | | libperl5.36 | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2023-31486](https://avd.aquasec.com/nvd/cve-2023-31486) | | libsmartcols1 | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | libsmartcols1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | libsmartcols1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | libsmartcols1 | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | libssl3 | LOW | 3.0.19-1~deb12u2 | | affected | [CVE-2025-27587](https://avd.aquasec.com/nvd/cve-2025-27587) | | libstdc++6 | LOW | 12.2.0-14+deb12u1 | | affected | [CVE-2022-27943](https://avd.aquasec.com/nvd/cve-2022-27943) | | libsystemd0 | HIGH | 252.39-1~deb12u1 | | affected | [CVE-2026-29111](https://avd.aquasec.com/nvd/cve-2026-29111) | | libsystemd0 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-40225](https://avd.aquasec.com/nvd/cve-2026-40225) | | libsystemd0 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-40226](https://avd.aquasec.com/nvd/cve-2026-40226) | | libsystemd0 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-4105](https://avd.aquasec.com/nvd/cve-2026-4105) | | libsystemd0 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2013-4392](https://avd.aquasec.com/nvd/cve-2013-4392) | | libsystemd0 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31437](https://avd.aquasec.com/nvd/cve-2023-31437) | | libsystemd0 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31438](https://avd.aquasec.com/nvd/cve-2023-31438) | | libsystemd0 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31439](https://avd.aquasec.com/nvd/cve-2023-31439) | | libsystemd0 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2026-40228](https://avd.aquasec.com/nvd/cve-2026-40228) | | libtasn1-6 | MEDIUM | 4.19.0-2+deb12u1 | | affected | [CVE-2025-13151](https://avd.aquasec.com/nvd/cve-2025-13151) | | libtinfo6 | HIGH | 6.4-4 | | affected | [CVE-2025-69720](https://avd.aquasec.com/nvd/cve-2025-69720) | | libtinfo6 | MEDIUM | 6.4-4 | | affected | [CVE-2023-50495](https://avd.aquasec.com/nvd/cve-2023-50495) | | libtinfo6 | LOW | 6.4-4 | | affected | [CVE-2025-6141](https://avd.aquasec.com/nvd/cve-2025-6141) | | libudev1 | HIGH | 252.39-1~deb12u1 | | affected | [CVE-2026-29111](https://avd.aquasec.com/nvd/cve-2026-29111) | | libudev1 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-40225](https://avd.aquasec.com/nvd/cve-2026-40225) | | libudev1 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-40226](https://avd.aquasec.com/nvd/cve-2026-40226) | | libudev1 | MEDIUM | 252.39-1~deb12u1 | | affected | [CVE-2026-4105](https://avd.aquasec.com/nvd/cve-2026-4105) | | libudev1 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2013-4392](https://avd.aquasec.com/nvd/cve-2013-4392) | | libudev1 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31437](https://avd.aquasec.com/nvd/cve-2023-31437) | | libudev1 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31438](https://avd.aquasec.com/nvd/cve-2023-31438) | | libudev1 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2023-31439](https://avd.aquasec.com/nvd/cve-2023-31439) | | libudev1 | LOW | 252.39-1~deb12u1 | | affected | [CVE-2026-40228](https://avd.aquasec.com/nvd/cve-2026-40228) | | libuuid1 | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | libuuid1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | libuuid1 | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | libuuid1 | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | login | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [CVE-2007-5686](https://avd.aquasec.com/nvd/cve-2007-5686) | | login | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [CVE-2024-56433](https://avd.aquasec.com/nvd/cve-2024-56433) | | login | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [TEMP-0628843-DBAD28](https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28) | | mount | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | mount | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | mount | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | mount | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | ncurses-base | HIGH | 6.4-4 | | affected | [CVE-2025-69720](https://avd.aquasec.com/nvd/cve-2025-69720) | | ncurses-base | MEDIUM | 6.4-4 | | affected | [CVE-2023-50495](https://avd.aquasec.com/nvd/cve-2023-50495) | | ncurses-base | LOW | 6.4-4 | | affected | [CVE-2025-6141](https://avd.aquasec.com/nvd/cve-2025-6141) | | ncurses-bin | HIGH | 6.4-4 | | affected | [CVE-2025-69720](https://avd.aquasec.com/nvd/cve-2025-69720) | | ncurses-bin | MEDIUM | 6.4-4 | | affected | [CVE-2023-50495](https://avd.aquasec.com/nvd/cve-2023-50495) | | ncurses-bin | LOW | 6.4-4 | | affected | [CVE-2025-6141](https://avd.aquasec.com/nvd/cve-2025-6141) | | openssl | LOW | 3.0.19-1~deb12u2 | | affected | [CVE-2025-27587](https://avd.aquasec.com/nvd/cve-2025-27587) | | passwd | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [CVE-2007-5686](https://avd.aquasec.com/nvd/cve-2007-5686) | | passwd | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [CVE-2024-56433](https://avd.aquasec.com/nvd/cve-2024-56433) | | passwd | LOW | 1:4.13+dfsg1-1+deb12u2 | | affected | [TEMP-0628843-DBAD28](https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28) | | perl | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2011-4116](https://avd.aquasec.com/nvd/cve-2011-4116) | | perl | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2023-31486](https://avd.aquasec.com/nvd/cve-2023-31486) | | perl-base | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2011-4116](https://avd.aquasec.com/nvd/cve-2011-4116) | | perl-base | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2023-31486](https://avd.aquasec.com/nvd/cve-2023-31486) | | perl-modules-5.36 | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2011-4116](https://avd.aquasec.com/nvd/cve-2011-4116) | | perl-modules-5.36 | LOW | 5.36.0-7+deb12u3 | | affected | [CVE-2023-31486](https://avd.aquasec.com/nvd/cve-2023-31486) | | sysvinit-utils | LOW | 3.06-4 | | affected | [TEMP-0517018-A83CE6](https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6) | | tar | MEDIUM | 1.34+dfsg-1.2+deb12u1 | | affected | [CVE-2026-5704](https://avd.aquasec.com/nvd/cve-2026-5704) | | tar | LOW | 1.34+dfsg-1.2+deb12u1 | | affected | [CVE-2005-2541](https://avd.aquasec.com/nvd/cve-2005-2541) | | tar | LOW | 1.34+dfsg-1.2+deb12u1 | | affected | [TEMP-0290435-0B57B5](https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5) | | util-linux | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | util-linux | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | util-linux | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | util-linux | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | util-linux-extra | MEDIUM | 2.38.1-5+deb12u3 | | affected | [CVE-2026-27456](https://avd.aquasec.com/nvd/cve-2026-27456) | | util-linux-extra | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2022-0563](https://avd.aquasec.com/nvd/cve-2022-0563) | | util-linux-extra | LOW | 2.38.1-5+deb12u3 | | affected | [CVE-2025-14104](https://avd.aquasec.com/nvd/cve-2025-14104) | | util-linux-extra | LOW | 2.38.1-5+deb12u3 | | will_not_fix | [CVE-2026-3184](https://avd.aquasec.com/nvd/cve-2026-3184) | | zlib1g | MEDIUM | 1:1.2.13.dfsg-1 | | affected | [CVE-2026-27171](https://avd.aquasec.com/nvd/cve-2026-27171) | </details>

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.0.0

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.0

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pandora/renovate.woodpecker#9

No description provided.