Vulnerability dashboard #1

New issue

Open

opened 2026-04-10 01:26:14 +00:00 by bot-ci · 0 comments

bot-ci commented

2026-04-10 01:26:14 +00:00

Owner

This issue list updates about vulnerabilities that are detected by trivy.woodpecker plugin.

Summary

Severity	Count
CRITICAL	0
HIGH	1
MEDIUM	2
LOW	0
UNKNOWN	0

Detected packages and vulnerabilities

Packages

code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest (debian 13.5)

code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest

Name	Version
base-files	13.8+deb13u5
media-types	13.0.0
netbase	6.5
tzdata	2026b
tzdata-legacy	2026b

go.mod

https://code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp

Name	Version
code.thinkaboutit.tech/pandora/woodpecker-config-server.app
code.thinkaboutit.tech/pandora/woodpecker-utils.gopack	v1.4.0
github.com/alecthomas/kong	v1.15.0
github.com/go-git/go-git/v6	v6.0.0-alpha.4
github.com/gorilla/mux	v1.8.1
github.com/oklog/ulid/v2	v2.1.1
github.com/yaronf/httpsign	v0.5.1
go.woodpecker-ci.org/woodpecker/v3	v3.15.0
github.com/Microsoft/go-winio	v0.6.2
github.com/ProtonMail/go-crypto	v1.4.1
github.com/cloudflare/circl	v1.6.3
github.com/decred/dcrd/dcrec/secp256k1/v4	v4.4.1
github.com/drone/envsubst	v1.0.3
github.com/dunglas/httpsfv	v1.1.0
github.com/emirpasic/gods	v1.18.1
github.com/gdgvda/cron	v0.7.0
github.com/go-git/gcfg/v2	v2.0.2
github.com/go-git/go-billy/v6	v6.0.0-alpha.1
github.com/goccy/go-json	v0.10.6
github.com/kevinburke/ssh_config	v1.6.0
github.com/klauspost/cpuid/v2	v2.3.0
github.com/lestrrat-go/blackmagic	v1.0.4
github.com/lestrrat-go/dsig	v1.3.0
github.com/lestrrat-go/dsig-secp256k1	v1.0.0
github.com/lestrrat-go/httpcc	v1.0.1
github.com/lestrrat-go/httprc	v1.0.6
github.com/lestrrat-go/httprc/v3	v3.0.5
github.com/lestrrat-go/iter	v1.0.2
github.com/lestrrat-go/jwx/v2	v2.1.6
github.com/lestrrat-go/jwx/v3	v3.1.1
github.com/lestrrat-go/option	v1.0.1
github.com/lestrrat-go/option/v2	v2.0.0
github.com/mattn/go-colorable	v0.1.14
github.com/mattn/go-isatty	v0.0.22
github.com/pjbgf/sha1cd	v0.6.0
github.com/rs/zerolog	v1.35.1
github.com/segmentio/asm	v1.2.1
github.com/sergi/go-diff	v1.4.0
github.com/tink-crypto/tink-go/v2	v2.6.0
github.com/urfave/cli/v3	v3.9.0
github.com/valyala/fastjson	v1.6.10
go.uber.org/multierr	v1.11.0
golang.org/x/crypto	v0.52.0
golang.org/x/net	v0.55.0
golang.org/x/sync	v0.20.0
golang.org/x/sys	v0.45.0

usr/local/bin/woodpecker-config-server.goapp

code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest

Name	Version
code.thinkaboutit.tech/pandora/woodpecker-config-server.app	2.1.1-SNAPSHOT-a310582
stdlib	v1.26.3
code.thinkaboutit.tech/pandora/woodpecker-utils.gopack	v1.4.0
github.com/ProtonMail/go-crypto	v1.4.1
github.com/alecthomas/kong	v1.15.0
github.com/cloudflare/circl	v1.6.3
github.com/drone/envsubst	v1.0.3
github.com/dunglas/httpsfv	v1.1.0
github.com/emirpasic/gods	v1.18.1
github.com/gdgvda/cron	v0.7.0
github.com/go-git/gcfg/v2	v2.0.2
github.com/go-git/go-billy/v6	v6.0.0-alpha.1
github.com/go-git/go-git/v6	v6.0.0-alpha.4
github.com/gorilla/mux	v1.8.1
github.com/kevinburke/ssh_config	v1.6.0
github.com/klauspost/cpuid/v2	v2.3.0
github.com/lestrrat-go/blackmagic	v1.0.4
github.com/lestrrat-go/dsig	v1.3.0
github.com/lestrrat-go/httpcc	v1.0.1
github.com/lestrrat-go/httprc	v1.0.6
github.com/lestrrat-go/httprc/v3	v3.0.5
github.com/lestrrat-go/iter	v1.0.2
github.com/lestrrat-go/jwx/v2	v2.1.6
github.com/lestrrat-go/jwx/v3	v3.1.1
github.com/lestrrat-go/option	v1.0.1
github.com/lestrrat-go/option/v2	v2.0.0
github.com/mattn/go-colorable	v0.1.14
github.com/mattn/go-isatty	v0.0.22
github.com/oklog/ulid/v2	v2.1.1
github.com/pjbgf/sha1cd	v0.6.0
github.com/rs/zerolog	v1.35.1
github.com/sergi/go-diff	v1.4.0
github.com/tink-crypto/tink-go/v2	v2.6.0
github.com/urfave/cli/v3	v3.9.0
github.com/valyala/fastjson	v1.6.10
github.com/yaronf/httpsign	v0.5.1
go.uber.org/multierr	v1.11.0
go.woodpecker-ci.org/woodpecker/v3	v3.15.0
golang.org/x/crypto	v0.52.0
golang.org/x/net	v0.55.0
golang.org/x/sync	v0.20.0
golang.org/x/sys	v0.45.0

Vulnerabilities

usr/local/bin/woodpecker-config-server.goapp

code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest

Package Name	Severity	Installed version	Fixed Version	Status	Link
stdlib	HIGH	v1.26.3	1.25.11, 1.26.4	fixed	CVE-2026-42504
stdlib	MEDIUM	v1.26.3	1.25.11, 1.26.4	fixed	CVE-2026-27145
stdlib	MEDIUM	v1.26.3	1.25.11, 1.26.4	fixed	CVE-2026-42507

This issue list updates about vulnerabilities that are detected by [trivy.woodpecker](https://code.thinkaboutit.tech/pandora/trivy.woodpecker) plugin. ## Summary | Severity | Count | | -------- | ----- | | CRITICAL | 0 | | HIGH | 1 | | MEDIUM | 2 | | LOW | 0 | | UNKNOWN | 0 | ## Detected packages and vulnerabilities <details><summary>Packages</summary> ### code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest (debian 13.5) **code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest** | Name | Version | | ---- | ------- | | base-files | 13.8+deb13u5 | | media-types | 13.0.0 | | netbase | 6.5 | | tzdata | 2026b | | tzdata-legacy | 2026b | ### go.mod **https://code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp** | Name | Version | | ---- | ------- | | code.thinkaboutit.tech/pandora/woodpecker-config-server.app | | | code.thinkaboutit.tech/pandora/woodpecker-utils.gopack | v1.4.0 | | github.com/alecthomas/kong | v1.15.0 | | github.com/go-git/go-git/v6 | v6.0.0-alpha.4 | | github.com/gorilla/mux | v1.8.1 | | github.com/oklog/ulid/v2 | v2.1.1 | | github.com/yaronf/httpsign | v0.5.1 | | go.woodpecker-ci.org/woodpecker/v3 | v3.15.0 | | github.com/Microsoft/go-winio | v0.6.2 | | github.com/ProtonMail/go-crypto | v1.4.1 | | github.com/cloudflare/circl | v1.6.3 | | github.com/decred/dcrd/dcrec/secp256k1/v4 | v4.4.1 | | github.com/drone/envsubst | v1.0.3 | | github.com/dunglas/httpsfv | v1.1.0 | | github.com/emirpasic/gods | v1.18.1 | | github.com/gdgvda/cron | v0.7.0 | | github.com/go-git/gcfg/v2 | v2.0.2 | | github.com/go-git/go-billy/v6 | v6.0.0-alpha.1 | | github.com/goccy/go-json | v0.10.6 | | github.com/kevinburke/ssh_config | v1.6.0 | | github.com/klauspost/cpuid/v2 | v2.3.0 | | github.com/lestrrat-go/blackmagic | v1.0.4 | | github.com/lestrrat-go/dsig | v1.3.0 | | github.com/lestrrat-go/dsig-secp256k1 | v1.0.0 | | github.com/lestrrat-go/httpcc | v1.0.1 | | github.com/lestrrat-go/httprc | v1.0.6 | | github.com/lestrrat-go/httprc/v3 | v3.0.5 | | github.com/lestrrat-go/iter | v1.0.2 | | github.com/lestrrat-go/jwx/v2 | v2.1.6 | | github.com/lestrrat-go/jwx/v3 | v3.1.1 | | github.com/lestrrat-go/option | v1.0.1 | | github.com/lestrrat-go/option/v2 | v2.0.0 | | github.com/mattn/go-colorable | v0.1.14 | | github.com/mattn/go-isatty | v0.0.22 | | github.com/pjbgf/sha1cd | v0.6.0 | | github.com/rs/zerolog | v1.35.1 | | github.com/segmentio/asm | v1.2.1 | | github.com/sergi/go-diff | v1.4.0 | | github.com/tink-crypto/tink-go/v2 | v2.6.0 | | github.com/urfave/cli/v3 | v3.9.0 | | github.com/valyala/fastjson | v1.6.10 | | go.uber.org/multierr | v1.11.0 | | golang.org/x/crypto | v0.52.0 | | golang.org/x/net | v0.55.0 | | golang.org/x/sync | v0.20.0 | | golang.org/x/sys | v0.45.0 | ### usr/local/bin/woodpecker-config-server.goapp **code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest** | Name | Version | | ---- | ------- | | code.thinkaboutit.tech/pandora/woodpecker-config-server.app | 2.1.1-SNAPSHOT-a310582 | | stdlib | v1.26.3 | | code.thinkaboutit.tech/pandora/woodpecker-utils.gopack | v1.4.0 | | github.com/ProtonMail/go-crypto | v1.4.1 | | github.com/alecthomas/kong | v1.15.0 | | github.com/cloudflare/circl | v1.6.3 | | github.com/drone/envsubst | v1.0.3 | | github.com/dunglas/httpsfv | v1.1.0 | | github.com/emirpasic/gods | v1.18.1 | | github.com/gdgvda/cron | v0.7.0 | | github.com/go-git/gcfg/v2 | v2.0.2 | | github.com/go-git/go-billy/v6 | v6.0.0-alpha.1 | | github.com/go-git/go-git/v6 | v6.0.0-alpha.4 | | github.com/gorilla/mux | v1.8.1 | | github.com/kevinburke/ssh_config | v1.6.0 | | github.com/klauspost/cpuid/v2 | v2.3.0 | | github.com/lestrrat-go/blackmagic | v1.0.4 | | github.com/lestrrat-go/dsig | v1.3.0 | | github.com/lestrrat-go/httpcc | v1.0.1 | | github.com/lestrrat-go/httprc | v1.0.6 | | github.com/lestrrat-go/httprc/v3 | v3.0.5 | | github.com/lestrrat-go/iter | v1.0.2 | | github.com/lestrrat-go/jwx/v2 | v2.1.6 | | github.com/lestrrat-go/jwx/v3 | v3.1.1 | | github.com/lestrrat-go/option | v1.0.1 | | github.com/lestrrat-go/option/v2 | v2.0.0 | | github.com/mattn/go-colorable | v0.1.14 | | github.com/mattn/go-isatty | v0.0.22 | | github.com/oklog/ulid/v2 | v2.1.1 | | github.com/pjbgf/sha1cd | v0.6.0 | | github.com/rs/zerolog | v1.35.1 | | github.com/sergi/go-diff | v1.4.0 | | github.com/tink-crypto/tink-go/v2 | v2.6.0 | | github.com/urfave/cli/v3 | v3.9.0 | | github.com/valyala/fastjson | v1.6.10 | | github.com/yaronf/httpsign | v0.5.1 | | go.uber.org/multierr | v1.11.0 | | go.woodpecker-ci.org/woodpecker/v3 | v3.15.0 | | golang.org/x/crypto | v0.52.0 | | golang.org/x/net | v0.55.0 | | golang.org/x/sync | v0.20.0 | | golang.org/x/sys | v0.45.0 | </details> <details><summary>Vulnerabilities</summary> ### usr/local/bin/woodpecker-config-server.goapp **code.thinkaboutit.tech/pandora/woodpecker-config-server.goapp:latest** | Package Name | Severity | Installed version | Fixed Version | Status | Link | | ------------ | -------- | ----------------- | ------------- | ------ | ---- | | stdlib | HIGH | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-42504](https://avd.aquasec.com/nvd/cve-2026-42504) | | stdlib | MEDIUM | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-27145](https://avd.aquasec.com/nvd/cve-2026-27145) | | stdlib | MEDIUM | v1.26.3 | 1.25.11, 1.26.4 | fixed | [CVE-2026-42507](https://avd.aquasec.com/nvd/cve-2026-42507) | </details>

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pandora/woodpecker-config-server.goapp#1

No description provided.

Rows
Columns