Weekly audit refresh: 27937554468 #63

Open
github-actions[bot] wants to merge 1 commit into main from chore/weekly-audit-refresh

github-actions bot commented Jun 15, 2026

CVE delta

Net change

| Severity | Added | Removed | Net  |
|----------|-------|---------|------|
| Critical | 6     | 1       | +5   |
| High     | 118   | 4       | +114 |
| Medium   | 129   | 30      | +99  |
| Low      | 61    | 12      | +49  |

Changed images: 25 of 44

Per-image detail

baserow-baserow-2.2.2

  • Added: C:0 H:11 M:13 L:6
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-12143 (HIGH) — form-data
      • CVE-2026-48526 (HIGH) — PyJWT
      • CVE-2026-48818 (HIGH) — starlette
      • CVE-2026-49853 (HIGH) — tornado
      • CVE-2026-49855 (HIGH) — tornado
      • CVE-2026-52844 (HIGH) — github.com/caddyserver/caddy/v2
      • CVE-2026-52845 (HIGH) — github.com/caddyserver/caddy/v2
      • CVE-2026-53539 (HIGH) — python-multipart
      • ...and 22 more

deluan-navidrome-0.61.2

  • Added: C:0 H:1 M:0 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-41080 (LOW) — libexpat

docker.io-caddy-2.11.3

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-52844 (HIGH) — github.com/caddyserver/caddy/v2
      • CVE-2026-52845 (HIGH) — github.com/caddyserver/caddy/v2
      • CVE-2026-52846 (MEDIUM) — github.com/caddyserver/caddy/v2

docker.io-library-postgres-18.4-alpine3.23

  • Added: C:0 H:0 M:0 L:0
  • Removed: C:0 H:2 M:9 L:12
    • [FIXED]:
      • CVE-2026-45447 (HIGH) — libcrypto3
      • CVE-2026-6732 (HIGH) — libxml2
      • CVE-2025-14017 (MEDIUM) — libcurl
      • CVE-2026-1965 (MEDIUM) — libcurl
      • CVE-2026-34182 (MEDIUM) — libcrypto3
      • CVE-2026-34183 (MEDIUM) — libcrypto3
      • CVE-2026-3783 (MEDIUM) — libcurl
      • CVE-2026-3784 (MEDIUM) — libcurl
      • ...and 15 more

docker.io-louislam-uptime-kuma-2.3.2

  • Added: C:2 H:44 M:23 L:3
  • Removed: C:0 H:0 M:2 L:0
    • [NEW]:
      • CVE-2026-44170 (CRITICAL) — libmariadb3
      • CVE-2026-44172 (CRITICAL) — libmariadb3
      • CVE-2026-12007 (HIGH) — chromium
      • CVE-2026-12008 (HIGH) — chromium
      • CVE-2026-12009 (HIGH) — chromium
      • CVE-2026-12011 (HIGH) — chromium
      • CVE-2026-12012 (HIGH) — chromium
      • CVE-2026-12014 (HIGH) — chromium
      • ...and 64 more
    • [FIXED]:
      • CVE-2026-7936 (MEDIUM) — chromium
      • CVE-2026-8568 (MEDIUM) — chromium

docker.io-mariadb-12.2.2

  • Added: C:0 H:0 M:1 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-11527 (MEDIUM) — libconfig-inifiles-perl
    • [FIXED]:
      • CVE-2026-5704 (MEDIUM) — tar

docker.io-mongo-8.3.2

  • Added: C:0 H:0 M:1 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-53550 (MEDIUM) — js-yaml
    • [FIXED]:
      • CVE-2026-5704 (MEDIUM) — tar

docuseal-docuseal-3.0.0

  • Added: C:0 H:13 M:2 L:10
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-54297 (HIGH) — faraday
      • CVE-2026-54502 (HIGH) — oj
      • CVE-2026-54592 (HIGH) — oj
      • CVE-2026-54896 (HIGH) — oj
      • CVE-2026-54897 (HIGH) — oj
      • CVE-2026-54898 (HIGH) — oj
      • CVE-2026-54899 (HIGH) — oj
      • ...and 17 more

fnsys-dockhand-v1.0.29

  • Added: C:1 H:6 M:11 L:13
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-53488 (CRITICAL) — docker-compose
      • CVE-2026-12151 (HIGH) — undici
      • CVE-2026-45447 (HIGH) — libcrypto3
      • CVE-2026-48779 (HIGH) — ws
      • CVE-2026-6734 (HIGH) — undici
      • CVE-2026-9697 (HIGH) — undici
      • GHSA-p6gq-j5cr-w38f (HIGH) — nodemailer
      • CVE-2026-34182 (MEDIUM) — libcrypto3
      • ...and 23 more

freshrss-freshrss-1.29.1-alpine

  • Added: C:0 H:1 M:0 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-41080 (LOW) — libexpat

ghcr.io-goauthentik-server-2026.2.3

  • Added: C:0 H:5 M:12 L:5
  • Removed: C:0 H:1 M:1 L:0
    • [NEW]:
      • CVE-2025-22069 (HIGH) — linux-libc-dev
      • CVE-2026-46331 (HIGH) — linux-libc-dev
      • CVE-2026-48526 (HIGH) — PyJWT
      • GHSA-537c-gmf6-5ccf (HIGH) — cryptography
      • GHSA-6v7p-g79w-8964 (HIGH) — msgpack
      • CVE-2026-12087 (MEDIUM) — libperl5.40
      • CVE-2026-2303 (MEDIUM) — go.mongodb.org/mongo-driver
      • CVE-2026-48522 (MEDIUM) — PyJWT
      • ...and 14 more
    • [FIXED]:
      • CVE-2026-31688 (HIGH) — linux-libc-dev
      • CVE-2026-31456 (MEDIUM) — linux-libc-dev

ghcr.io-open-webui-open-webui-0.9.5

  • Added: C:2 H:17 M:28 L:10
  • Removed: C:0 H:1 M:1 L:0
    • [NEW]:
      • CVE-2026-44170 (CRITICAL) — libmariadb-dev
      • CVE-2026-44172 (CRITICAL) — libmariadb-dev
      • CVE-2026-44168 (HIGH) — libmariadb-dev
      • CVE-2026-44171 (HIGH) — libmariadb-dev
      • CVE-2026-45852 (HIGH) — linux-libc-dev
      • CVE-2026-46331 (HIGH) — linux-libc-dev
      • CVE-2026-48163 (HIGH) — libmariadb-dev
      • CVE-2026-48165 (HIGH) — libmariadb-dev
      • ...and 49 more
    • [FIXED]:
      • CVE-2026-31688 (HIGH) — linux-libc-dev
      • CVE-2024-56647 (MEDIUM) — linux-libc-dev

ghcr.io-stoatchat-for-web-0b94704

  • Added: C:0 H:0 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-53655 (MEDIUM) — tar

ghcr.io-wg-easy-wg-easy-15.3.0

  • Added: C:0 H:1 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-48779 (HIGH) — ws
      • CVE-2026-53655 (MEDIUM) — tar

ghcr.io-ylianst-meshcentral-1.1.59-mongodb

  • Added: C:0 H:2 M:2 L:2
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-12151 (HIGH) — undici
      • CVE-2026-48779 (HIGH) — ws
      • CVE-2026-53655 (MEDIUM) — tar
      • CVE-2026-9679 (MEDIUM) — undici
      • CVE-2026-11525 (LOW) — undici
      • CVE-2026-6733 (LOW) — undici

ghcr.io-zulip-zulip-server-12.0-0

  • Added: C:1 H:5 M:15 L:5
  • Removed: C:1 H:0 M:12 L:0
    • [NEW]:
      • CVE-2026-49468 (CRITICAL) — litellm
      • CVE-2026-48526 (HIGH) — PyJWT
      • CVE-2026-49853 (HIGH) — tornado
      • CVE-2026-49855 (HIGH) — tornado
      • GHSA-537c-gmf6-5ccf (HIGH) — cryptography
      • GHSA-6v7p-g79w-8964 (HIGH) — msgpack
      • CVE-2026-42246 (MEDIUM) — libruby3.2
      • CVE-2026-42257 (MEDIUM) — libruby3.2
      • ...and 18 more
    • [FIXED]:
      • CVE-2026-43125 (CRITICAL) — linux-libc-dev
      • CVE-2025-38486 (MEDIUM) — linux-libc-dev
      • CVE-2025-38669 (MEDIUM) — linux-libc-dev
      • CVE-2025-38672 (MEDIUM) — linux-libc-dev
      • CVE-2025-38673 (MEDIUM) — linux-libc-dev
      • CVE-2025-38674 (MEDIUM) — linux-libc-dev
      • CVE-2025-38689 (MEDIUM) — linux-libc-dev
      • CVE-2025-40222 (MEDIUM) — linux-libc-dev
      • ...and 5 more

lscr.io-linuxserver-jellyfin-10.11.9

  • Added: C:0 H:0 M:1 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-40393 (MEDIUM) — mesa-libgallium
    • [FIXED]:
      • CVE-2026-5704 (MEDIUM) — tar

mongo-8.3.2

  • Added: C:0 H:0 M:1 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-53550 (MEDIUM) — js-yaml
    • [FIXED]:
      • CVE-2026-5704 (MEDIUM) — tar

n8nio-runners-2.22.1

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-12143 (HIGH) — form-data
      • CVE-2026-48779 (HIGH) — ws
      • CVE-2026-54285 (MEDIUM) — @opentelemetry/core

nextcloud-33.0.3-fpm-alpine

  • Added: C:0 H:1 M:6 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-48736 (MEDIUM) — symfony/http-foundation
      • CVE-2026-48784 (MEDIUM) — symfony/routing
      • CVE-2026-55568 (MEDIUM) — guzzlehttp/guzzle
      • CVE-2026-55766 (MEDIUM) — guzzlehttp/psr7
      • CVE-2026-55767 (MEDIUM) — guzzlehttp/guzzle
      • GHSA-m557-wrgg-6rp4 (MEDIUM) — phpseclib/phpseclib
      • CVE-2026-41080 (LOW) — libexpat

nginx-1.31.0-alpine3.23

  • Added: C:0 H:1 M:0 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-41080 (LOW) — libexpat

postgres-18.4

  • Added: C:0 H:0 M:3 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-12087 (MEDIUM) — libperl5.40
      • CVE-2026-48961 (MEDIUM) — libperl5.40
      • CVE-2026-54411 (MEDIUM) — libpam-modules

qbittorrentofficial-qbittorrent-nox-5.2.0-1

  • Added: C:0 H:1 M:0 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-45186 (HIGH) — libexpat
      • CVE-2026-41080 (LOW) — libexpat

rabbitmq-4.3.0

  • Added: C:0 H:0 M:0 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [FIXED]:
      • CVE-2026-5704 (MEDIUM) — tar

towfiqi-serpbear-3.1.0

  • Added: C:0 H:5 M:6 L:2
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-12143 (HIGH) — form-data
      • CVE-2026-12151 (HIGH) — undici
      • CVE-2026-6734 (HIGH) — undici
      • CVE-2026-9697 (HIGH) — undici
      • GHSA-p6gq-j5cr-w38f (HIGH) — nodemailer
      • CVE-2026-53655 (MEDIUM) — tar
      • CVE-2026-9678 (MEDIUM) — undici
      • CVE-2026-9679 (MEDIUM) — undici
      • ...and 5 more

github-actions bot enabled auto-merge (squash) June 15, 2026 07:46

github-actions bot changed the title from "Weekly audit refresh: 27531642510" to "Weekly audit refresh: 27937554468" Jun 22, 2026

github-actions bot force-pushed the chore/weekly-audit-refresh branch from abd8448 to b731738 June 22, 2026 07:48