Skip to content

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)

Trivy Image Scan

  • Image: docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04)
  • Scan date: 2025-02-19

docker.io/paketobuildpacks/builder-jammy-base:latest (ubuntu 22.04) (ubuntu)

Package Vulnerability ID Severity Installed Version Fixed Version Links
binutils CVE-2017-13716 LOW 2.38-4ubuntu2.6 no fix available
binutils CVE-2019-1010204 LOW 2.38-4ubuntu2.6 no fix available
binutils CVE-2022-27943 LOW 2.38-4ubuntu2.6 no fix available
binutils CVE-2022-48064 LOW 2.38-4ubuntu2.6 no fix available
binutils-common CVE-2017-13716 LOW 2.38-4ubuntu2.6 no fix available
binutils-common CVE-2019-1010204 LOW 2.38-4ubuntu2.6 no fix available
binutils-common CVE-2022-27943 LOW 2.38-4ubuntu2.6 no fix available
binutils-common CVE-2022-48064 LOW 2.38-4ubuntu2.6 no fix available
binutils-x86-64-linux-gnu CVE-2017-13716 LOW 2.38-4ubuntu2.6 no fix available
binutils-x86-64-linux-gnu CVE-2019-1010204 LOW 2.38-4ubuntu2.6 no fix available
binutils-x86-64-linux-gnu CVE-2022-27943 LOW 2.38-4ubuntu2.6 no fix available
binutils-x86-64-linux-gnu CVE-2022-48064 LOW 2.38-4ubuntu2.6 no fix available
coreutils CVE-2016-2781 LOW 8.32-4.1ubuntu1.2 no fix available
cpp-11 CVE-2023-4039 MEDIUM 11.4.0-1ubuntu1~22.04 no fix available
cpp-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04 no fix available
cpp-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04 no fix available
cpp-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04 no fix available
curl CVE-2025-0167 LOW 7.81.0-1ubuntu1.20 no fix available
g++-11 CVE-2023-4039 MEDIUM 11.4.0-1ubuntu1~22.04 no fix available
g++-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04 no fix available
g++-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04 no fix available
g++-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11 CVE-2023-4039 MEDIUM 11.4.0-1ubuntu1~22.04 no fix available
gcc-11 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11-base CVE-2023-4039 MEDIUM 11.4.0-1ubuntu1~22.04 no fix available
gcc-11-base CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11-base CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-11-base CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04 no fix available
gcc-12-base CVE-2023-4039 MEDIUM 12.3.0-1ubuntu1~22.04 no fix available
gcc-12-base CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04 no fix available
gpgv CVE-2022-3219 LOW 2.2.27-3ubuntu2.1 no fix available
libasan6 CVE-2023-4039 MEDIUM 11.4.0-1ubuntu1~22.04 no fix available
libasan6 CVE-2021-3826 LOW 11.4.0-1ubuntu1~22.04 no fix available
libasan6 CVE-2021-46195 LOW 11.4.0-1ubuntu1~22.04 no fix available
libasan6 CVE-2022-27943 LOW 11.4.0-1ubuntu1~22.04 no fix available
libatomic1 CVE-2023-4039 MEDIUM 12.3.0-1ubuntu1~22.04 no fix available
libatomic1 CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04 no fix available
libbinutils CVE-2017-13716 LOW 2.38-4ubuntu2.6 no fix available
libbinutils CVE-2019-1010204 LOW 2.38-4ubuntu2.6 no fix available
libbinutils CVE-2022-27943 LOW 2.38-4ubuntu2.6 no fix available
libbinutils CVE-2022-48064 LOW 2.38-4ubuntu2.6 no fix available
libc-bin CVE-2016-20013 LOW 2.35-0ubuntu3.9 no fix available
libc-dev-bin CVE-2016-20013 LOW 2.35-0ubuntu3.9 no fix available
libc6 CVE-2016-20013 LOW 2.35-0ubuntu3.9 no fix available
libc6-dev CVE-2016-20013 LOW 2.35-0ubuntu3.9 no fix available
libcc1-0 CVE-2023-4039 MEDIUM 12.3.0-1ubuntu1~22.04 no fix available
libcc1-0 CVE-2022-27943 LOW 12.3.0-1ubuntu1~22.04 no fix available
libctf-nobfd0 CVE-2017-13716 LOW 2.38-4ubuntu2.6 no fix available
753 other vulnerabilities found...
No Misconfigurations found

(gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/docker/docker CVE-2024-41110 CRITICAL v27.0.3+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/golang-jwt/jwt/v4 CVE-2024-51744 LOW v4.5.0 4.5.1
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM 1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM 1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM 1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.4.1/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomcat/8.4.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.11.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_apache-tomee/1.11.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.23.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_azure-application-insights/5.23.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.0.4/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bellsoft-liberica/11.0.4/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundle-install/0.8.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.22.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.23.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_bundler/0.8.25/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-34156 HIGH v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.6 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.8.5/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-34156 HIGH v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.6 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.9.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_ca-certificates/3.9.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_clojure-tools/2.14.3/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_conda-env-update/0.7.14/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/cloudflare/circl GHSA-9763-4f94-gfch HIGH v1.3.6 1.3.7
github.com/containerd/containerd GHSA-7ww5-4wqc-m92c MEDIUM v1.7.10 1.6.26, 1.7.11
github.com/docker/docker CVE-2024-41110 CRITICAL v24.0.7+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/docker/docker CVE-2024-24557 MEDIUM v24.0.7+incompatible 24.0.9, 25.0.2
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.16.0 0.31.0
golang.org/x/crypto CVE-2023-48795 MEDIUM v0.16.0 0.17.0
golang.org/x/net CVE-2024-45338 HIGH v0.19.0 0.33.0
golang.org/x/net CVE-2023-45288 MEDIUM v0.19.0 0.23.0
google.golang.org/protobuf CVE-2024-24786 MEDIUM v1.31.0 1.33.0
stdlib CVE-2024-34156 HIGH v1.22.4 1.22.7, 1.23.1
stdlib CVE-2024-24791 MEDIUM v1.22.4 1.21.12, 1.22.5
stdlib CVE-2024-34155 MEDIUM v1.22.4 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.4 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.13.21/bin/env (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_cpython/1.13.21/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/cloudflare/circl GHSA-9763-4f94-gfch HIGH v1.3.6 1.3.7
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.21.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.23.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.28.2/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_datadog/5.28.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dist-zip/5.9.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-aspnet-runtime/1.0.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
google.golang.org/grpc GHSA-xr7q-jx4m-x55m LOW v1.64.0 1.64.1
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-core-sdk/1.0.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.5/bin/port-chooser (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-execute/1.0.5/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_dotnet-publish/1.0.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.8.5/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_encrypt-at-rest/4.8.5/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.7.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-34156 HIGH v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.6 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_environment-variables/4.8.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_executable-jar/6.12.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_git/1.0.32/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-build/2.2.21/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/net CVE-2024-45338 HIGH v0.25.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-dist/2.6.13/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/net CVE-2024-45338 HIGH v0.25.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_go-mod-vendor/1.0.49/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.3.1/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_google-stackdriver/9.3.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_gradle/7.16.1/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_httpd/0.7.39/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_icu/0.7.33/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.7.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-34156 HIGH v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.6 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.6 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.6 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_image-labels/4.8.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_jattach/1.9.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.7.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_java-memory-assistant/1.7.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_leiningen/4.11.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.0.0/bin/helper (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_liberty/5.0.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_maven/6.19.2/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_miniconda/0.10.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.23.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.25.0 0.33.0
stdlib CVE-2024-34156 HIGH v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.5 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.5 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_mri/0.17.15/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_native-image/5.15.0/bin/main (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.17.16/bin/configure (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_nginx/0.17.16/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/4.1.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.26.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.28.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.3/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.3/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/net CVE-2024-45338 HIGH v0.28.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.4/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.4/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.1.4/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/net CVE-2024-45338 HIGH v0.28.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.2/bin/inspector (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.2/bin/optimize-memory (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
stdlib CVE-2025-22866 MEDIUM v1.23.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.3/bin/inspector (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.3/bin/optimize-memory (gobinary)

No Vulnerabilities found
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-engine/5.2.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.0.3/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-run-script/2.0.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_node-start/2.1.18/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/1.6.8/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.26.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.28.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.26.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.28.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-install/1.8.2/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
No Misconfigurations found
Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_npm-start/2.1.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
stdlib CVE-2024-45336 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_passenger/0.14.11/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.12.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.12.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.24.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.26.0 0.33.0
google.golang.org/grpc GHSA-xr7q-jx4m-x55m LOW v1.64.0 1.64.1
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.1 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip-install/0.6.6/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2023-49569 CRITICAL v5.10.1 5.11.0
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.10.1 5.13.0
github.com/go-git/go-git/v5 CVE-2023-49568 HIGH v5.10.1 5.11.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.10.1 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.23.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.25.0 0.33.0
stdlib CVE-2024-34156 HIGH v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.22.5 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.22.5 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.22.5 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.22.5 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pip/0.22.1/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/cloudflare/circl GHSA-9763-4f94-gfch HIGH v1.3.6 1.3.7
github.com/docker/docker CVE-2024-41110 CRITICAL v24.0.9+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.22.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.24.0 0.33.0
stdlib CVE-2024-34156 HIGH v1.23.0 1.22.7, 1.23.1
stdlib CVE-2024-34155 MEDIUM v1.23.0 1.22.7, 1.23.1
stdlib CVE-2024-34158 MEDIUM v1.23.0 1.22.7, 1.23.1
stdlib CVE-2024-45336 MEDIUM v1.23.0 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2024-45341 MEDIUM v1.23.0 1.22.11, 1.23.5, 1.24.0-rc.2
stdlib CVE-2025-22866 MEDIUM v1.23.0 1.22.12, 1.23.6, 1.24.0-rc.3
No Misconfigurations found

cnb/buildpacks/paketo-buildpacks_pipenv-install/0.6.24/bin/run (gobinary)

Package Vulnerability ID Severity Installed Version Fixed Version Links
github.com/anchore/stereoscope CVE-2024-24579 MEDIUM v0.0.0-20230412183729-8602f1afc574 0.0.1
github.com/cloudflare/circl GHSA-9763-4f94-gfch HIGH v1.3.6 1.3.7
github.com/docker/docker CVE-2024-41110 CRITICAL v26.1.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6
github.com/go-git/go-git/v5 CVE-2025-21613 CRITICAL v5.11.0 5.13.0
github.com/go-git/go-git/v5 CVE-2025-21614 HIGH v5.11.0 5.13.0
github.com/mholt/archiver/v3 CVE-2024-0406 MEDIUM v3.5.1 no fix available
golang.org/x/crypto CVE-2024-45337 CRITICAL v0.22.0 0.31.0
golang.org/x/net CVE-2024-45338 HIGH v0.23.0 0.33.0
stdlib CVE-2024-45336 MEDIUM v1.23.1 1.22.11, 1.23.5, 1.24.0-rc.2