Skip to content

Releases: PrPlanIT/PolySieve

v0.0.2

Choose a tag to compare

@SoFMeRight SoFMeRight released this 17 Jul 01:55

📦 release — v0.0.2

Release type: latest • Commit: 2943723

Security: 🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve v0.0.2 latest
cr.pcfae.com cr.pcfae.com/prplanit/polysieve v0.0.2 latest
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.2-linux-amd64.tar.gz 1.4 MB 031857e296e8…
linux/arm64 polysieve-0.0.2-linux-arm64.tar.gz 1.3 MB 3787d6453056…
Full checksums
031857e296e80973b9f2e00eb986c932bc10b3be257cb33f0f1d37a8e3f6dbf2  polysieve-0.0.2-linux-amd64.tar.gz
3787d645305602d7d9d8af174e3311e10985068441f3ff04a1431d36057b31e2  polysieve-0.0.2-linux-arm64.tar.gz

Highlights

  • helm: best-effort HelmRelease rendering for cluster-absent runs
  • cluster: best-effort live-cluster augmentation for blind backends
  • honesty-gate: never prune a port PolySieve cannot account for

Notable Changes

Features

  • helm: best-effort HelmRelease rendering for cluster-absent runs (SoFMeRight)
  • cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
  • honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)

Documentation

  • refresh generated docs and badges (stagefreight) ×3

Security

🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected

Vulnerability details (15 critical, 87 high, 102 medium, 8 low)
Severity CVE Package Installed Fixed Description
Critical CVE-2026-33186 google.golang.org/grpc v1.65.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/au...
Critical CVE-2025-68121 stdlib v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 During session resumption in crypto/tls, if the underlyin...
Critical GO-2026-4337 stdlib go1.24.6 1.24.13 During session resumption in crypto/tls, if the underlyin...
Critical CVE-2026-27143 stdlib go1.24.6 1.25.9 Arithmetic over induction variables in loops were not cor...
Critical GHSA-vgwf-h737-ff37 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: Invoking client can cause server dea...
Critical GHSA-f5wc-c3c7-36mc golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto doesn't drop invoking agent constrain...
Critical GHSA-p77j-4mvh-x3m3 google.golang.org/grpc v1.65.0 1.79.3 gRPC-Go has an authorization bypass via missing leading s...
Critical GHSA-5cgq-3rg8-m6cv golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto vulnerable to auth bypass via unenfor...
Critical GHSA-rm3j-f69w-wqmq golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto vulnerable to infinite loop on large ...
Critical GO-2026-5020 golang.org/x/crypto v0.31.0 0.52.0 When writing data larger than 4GB in a single Write call ...
Critical GHSA-x527-x647-q7gg golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: Invoking VerifiedPublicKeyCallback p...
Critical GHSA-89gr-r52h-f8rx golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: FIDO/U2F security key physical prese...
Critical GO-2026-5019 golang.org/x/crypto v0.31.0 0.52.0 The Verify() method for FIDO/U2F security key types (sk-e...
Critical GHSA-jppx-rxg9-jmrx golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto doesn't enforce invoking key constraints
Critical GO-2026-5005 golang.org/x/crypto v0.31.0 0.52.0 The in-memory keyring returned by NewKeyring() silently a...
High CVE-2024-25621 github.com/containerd/containerd v1.7.23 1.7.29 github.com/containerd/containerd: containerd local privil...
High CVE-2026-53488 github.com/containerd/containerd v1.7.23 1.7.33 github.com/containerd/containerd: containerd: Host-root c...
High CVE-2025-15558 github.com/docker/cli v25.0.1+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation ...
High CVE-2026-34040 github.com/docker/docker v25.0.6+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability
High CVE-2026-41567 github.com/docker/docker v25.0.6+incompatible docker: Moby/Docker Engine: Arbitrary Code Execution via ...
High CVE-2026-42306 github.com/docker/docker v25.0.6+incompatible Moby is an open source container framework. In Docker Eng...
High CVE-2026-35469 github.com/moby/spdystream v0.4.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis...
High CVE-2025-22869 golang.org/x/crypto v0.31.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exc...
High CVE-2025-47913 golang.org/x/crypto v0.31.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag...
High CVE-2026-39828 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unautho...
High CVE-2026-39829 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2026-39830 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2026-39831 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Securit...
High CVE-2026-39832 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag...
High CVE-2026-39835 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:...
High CVE-2026-42508 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/...
High CVE-2026-46595 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authori...
High CVE-2026-46597 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2024-45338 golang.org/x/net v0.26.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensi...
High CVE-2026-25681 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary c...
High CVE-2026-27136 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
High CVE-2026-33814 golang.org/x/net v0.26.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39821 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri...
High CVE-2025-22868 golang.org/x/oauth2 v0.21.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption du...
High CVE-2025-53547 helm.sh/helm/v3 v3.16.4 3.18.4, 3.17.4 helm.sh/helm/v3: Helm Chart Code Execution
High CVE-2025-61726 stdlib v1.24.6 1.24.12, 1.25.6 The net/url package does not set a limit on the number of...
High CVE-2025-61729 stdlib v1.24.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive r...
High CVE-2026-25679 stdlib v1.24.6 1.25.8, 1.26.1 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27145 stdlib v1.24.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Servic...
High CVE-2026-32280 stdlib v1.24.6 1.25.9, 1.26.2 During chain building, the amount of work that is done is...
High CVE-2026-32281 stdlib v1.24.6 1.25.9, 1.26.2 Validating certificate chains which use policies is unexp...
High CVE-2026-32283 stdlib v1.24.6 1.25.9, 1.26.2 If one side of the TLS connection sends multiple key upda...
High CVE-2026-33811 stdlib v1.24.6 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very ...
High CVE-2026-33814 stdlib v1.24.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39820 stdlib v1.24.6 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High CVE-2026-39822 stdlib v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 On Unix systems, opening a file in an os.Root improperly ...
High CVE-2026-39836 stdlib v1.24.6 1.25.10, 1.26.3 The Dial and LookupPort functions panic on Windows when p...
High CVE-2026-42499 stdlib v1.24.6 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase...
High CVE-2026-42504 stdlib v1.24.6 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing man...
High GHSA-x744-4wpc-v9h2 github.com/docker/docker v25.0.6+incompatible 29.3.1 Moby has AuthZ plugin bypass when provided oversized requ...
High GO-2026-5037 stdlib go1.24.6 1.25.11 (*x509.Certificate).VerifyHostname previously called matc...
High GHSA-hcg3-q754-cr77 golang.org/x/crypto v0.31.0 0.35.0 golang.org/x/crypto Vulnerable to Denial ...
Read more

latest-dev

latest-dev Pre-release
Pre-release

Choose a tag to compare

@SoFMeRight SoFMeRight released this 15 Jul 04:27

📦 release — v0.0.1-dev+c154158

Release type: prerelease • Commit: c154158

Security: 🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve dev-c154158 latest-dev
cr.pcfae.com cr.pcfae.com/prplanit/polysieve dev-c154158 latest-dev
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz 1.3 MB 1a9dac1a335c…
linux/arm64 polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz 1.2 MB 2716992f7e1c…
Full checksums
1a9dac1a335cc52bc4a401b9eab37bf851a630481010d6ae6ceca506b5f9d4f4  polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz
2716992f7e1ca4e6249d8344fdad1b081733738811c49bb70c3abe66b25dcb5c  polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz

Notable Changes

Features

  • honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)

Documentation

  • refresh generated docs and badges (stagefreight)

Security

🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)

Vulnerability details (3 medium)
Severity CVE Package Installed Fixed Description
Medium CVE-2025-60876 busybox 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 busybox-binsh 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 ssl_client 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
---
Full changelog
  • [c154158] never prune a port PolySieve cannot account for (SoFMeRight)
  • [392598d] refresh generated docs and badges (stagefreight)

dev-c154158

dev-c154158 Pre-release
Pre-release

Choose a tag to compare

@SoFMeRight SoFMeRight released this 15 Jul 04:27

📦 release — v0.0.1-dev+c154158

Release type: prerelease • Commit: c154158

Security: 🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve dev-c154158 latest-dev
cr.pcfae.com cr.pcfae.com/prplanit/polysieve dev-c154158 latest-dev
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz 1.3 MB 1a9dac1a335c…
linux/arm64 polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz 1.2 MB 2716992f7e1c…
Full checksums
1a9dac1a335cc52bc4a401b9eab37bf851a630481010d6ae6ceca506b5f9d4f4  polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz
2716992f7e1ca4e6249d8344fdad1b081733738811c49bb70c3abe66b25dcb5c  polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz

Notable Changes

Features

  • honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)

Documentation

  • refresh generated docs and badges (stagefreight)

Security

🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)

Vulnerability details (3 medium)
Severity CVE Package Installed Fixed Description
Medium CVE-2025-60876 busybox 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 busybox-binsh 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 ssl_client 1.37.0-r31 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
---
Full changelog
  • [c154158] never prune a port PolySieve cannot account for (SoFMeRight)
  • [392598d] refresh generated docs and badges (stagefreight)

dev-af24b4a

dev-af24b4a Pre-release
Pre-release

Choose a tag to compare

@SoFMeRight SoFMeRight released this 15 Jul 04:36

📦 release — v0.0.1-dev+af24b4a

Release type: prerelease • Commit: af24b4a

Security: 🛡️ ❌ Critical — 3 critical and 45 high vulnerabilities detected

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve dev-af24b4a latest-dev
cr.pcfae.com cr.pcfae.com/prplanit/polysieve dev-af24b4a latest-dev
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz 1.3 MB b69696c75c4d…
linux/arm64 polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz 1.2 MB 00aa992bd35c…
Full checksums
b69696c75c4dd35e05b33d58efe5dfeedfdb3dc7ffe555c3a739a36cbd9bed49  polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz
00aa992bd35c1540ce8f6cfc56c89f0810d55883d0c1447377718ae3ee74d287  polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz

Notable Changes

Features

  • cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
  • honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)

Documentation

  • refresh generated docs and badges (stagefreight) ×2

Security

🛡️ ❌ Critical — 3 critical and 45 high vulnerabilities detected

Vulnerability details (3 critical, 45 high, 59 medium, 4 low)
Severity CVE Package Installed Fixed Description
Critical CVE-2025-68121 stdlib v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 During session resumption in crypto/tls, if the underlyin...
Critical GO-2026-4337 stdlib go1.24.6 1.24.13 During session resumption in crypto/tls, if the underlyin...
Critical CVE-2026-27143 stdlib go1.24.6 1.25.9 Arithmetic over induction variables in loops were not cor...
High CVE-2026-35469 github.com/moby/spdystream v0.5.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis...
High CVE-2026-25681 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary c...
High CVE-2026-27136 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
High CVE-2026-33814 golang.org/x/net v0.38.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39821 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri...
High CVE-2025-61726 stdlib v1.24.6 1.24.12, 1.25.6 The net/url package does not set a limit on the number of...
High CVE-2025-61729 stdlib v1.24.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive r...
High CVE-2026-25679 stdlib v1.24.6 1.25.8, 1.26.1 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27145 stdlib v1.24.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Servic...
High CVE-2026-32280 stdlib v1.24.6 1.25.9, 1.26.2 During chain building, the amount of work that is done is...
High CVE-2026-32281 stdlib v1.24.6 1.25.9, 1.26.2 Validating certificate chains which use policies is unexp...
High CVE-2026-32283 stdlib v1.24.6 1.25.9, 1.26.2 If one side of the TLS connection sends multiple key upda...
High CVE-2026-33811 stdlib v1.24.6 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very ...
High CVE-2026-33814 stdlib v1.24.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39820 stdlib v1.24.6 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High CVE-2026-39822 stdlib v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 On Unix systems, opening a file in an os.Root improperly ...
High CVE-2026-39836 stdlib v1.24.6 1.25.10, 1.26.3 The Dial and LookupPort functions panic on Windows when p...
High CVE-2026-42499 stdlib v1.24.6 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase...
High CVE-2026-42504 stdlib v1.24.6 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing man...
High GO-2026-4341 stdlib go1.24.6 1.24.12 The net/url package does not set a limit on the number of...
High GO-2026-5037 stdlib go1.24.6 1.25.11 (*x509.Certificate).VerifyHostname previously called matc...
High GO-2026-4981 stdlib go1.24.6 1.25.10 When using LookupCNAME with the cgo DNS resolver, a very ...
High GO-2026-4977 stdlib go1.24.6 1.25.10 Pathological inputs could cause DoS through consumePhrase...
High GO-2026-4986 stdlib go1.24.6 1.25.10 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High GO-2026-4918 golang.org/x/net v0.38.0 0.53.0 When processing HTTP/2 SETTINGS frames, transport will en...
High GO-2026-4918 stdlib go1.24.6 1.25.10 When processing HTTP/2 SETTINGS frames, transport will en...
High GO-2026-4601 stdlib go1.24.6 1.25.8 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27140 stdlib go1.24.6 1.25.9 SWIG file names containing 'cgo' and well-crafted payload...
High GHSA-pc3f-x583-g7j2 github.com/moby/spdystream v0.5.0 0.5.1 SpdyStream: DOS on CRI
High GO-2025-4009 stdlib go1.24.6 1.24.8 The processing time for parsing some invalid inputs scale...
High GO-2026-4870 stdlib go1.24.6 1.25.9 If one side of the TLS connection sends multiple key upda...
High GO-2026-4947 stdlib go1.24.6 1.25.9 During chain building, the amount of work that is done is...
High GO-2025-4006 stdlib go1.24.6 1.24.8 The ParseAddress function constructs domain-literal addre...
High GO-2026-4971 stdlib go1.24.6 1.25.10 The Dial and LookupPort functions panic on Windows when p...
High GO-2026-5038 stdlib go1.24.6 1.25.11 Decoding a maliciously-crafted MIME header containing man...
High CVE-2025-61731 stdlib go1.24.6 1.24.12 Building a malicious file with cmd/go can cause can cause...
High GO-2026-5026 golang.org/x/net v0.38.0 0.55.0 The ToASCII and ToUnicode functions incorrectly accept Pu...
High CVE-2025-61732 stdlib go1.24.6 1.24.13 A discrepancy between how Go and C/C++ comments were pars...
High GO-2025-4155 stdlib go1.24.6 1.24.11 Within HostnameError.Error(), when constructing an error ...
High GO-2025-4007 stdlib go1.24.6 1.24.9 Due to the design of the name constraint checking algorit...
High GO-2025-4013 stdlib go1.24.6 1.24.8 Validating certificate chains which contain DSA public ke...
High GO-2026-4946 stdlib go1.24.6 1.25.9 Validating certificate chains which use policies is unexp...
High CVE-2026-27144 stdlib go1.24.6 1.25.9 The compiler is meant to unwrap pointers which are the op...
High CVE-2026-42501 stdlib go1.24.6 1.25.10 A malicious module proxy can exploit a flaw in the go com...
High GO-2026-4970 stdlib go1.24.6 1.25.12 On Unix systems, opening a file in an os.Root improperly ...
Medium CVE-2025-47911 golang.org/x/net v0.38.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in go...
Medium CVE-2025-58190 golang.org/x/net v0.38.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.or...
Medium CVE-2026-25680 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of S...
Medium CVE-2026-42502 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
Medium CVE-2026-42506 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site ...
Medium CVE-2025-13281 k8s.io/kubernetes v1.34.0 1.32.10, 1.33.6, 1.34.2 kube-controller-manager: Portworx Half-Blind SSRF in kube...
Medium CVE-2025-47912 stdlib v1.24.6 1.24.8, 1.25.2 The Parse function permits values other than IPv6 address...
Medium CVE-2025-58183 stdlib v1.24.6 1.24.8, 1.25.2 tar.Reader does not set a maximum size on the number of s...
Medium CVE-2025-58185 stdlib v1.24.6 1.24.8, 1.25.2 Parsing a maliciously crafted DER payload could allocate ...
Medium CVE-2025-58187 stdlib v1.24.6 1.24.9, 1.25.3 Due to the design of the name constraint checking algorit...
Medium CVE-2025-58188 stdlib v1.24.6 1.24.8, 1.25.2 Validating certificate chains which contain DSA public ke...
Medium CVE-2025-58189 stdlib v1.24.6 1.24.8, 1.25.2 When Conn.Handshake fails during ALPN negotiation the err...
Medium CVE-2025-61723 stdlib v1.24.6 1.24.8, 1.25.2 The processing time for parsing some invalid inputs scale...
Medium CVE-2025-61724 stdlib v1.24.6 1.24.8, 1.25.2 The Reader.ReadResponse function constructs a response st...
Medium CVE-2025-61725 stdlib v1.24.6 1.24.8, 1.25.2 The ParseAddress function c...
Read more

dev-2943723

dev-2943723 Pre-release
Pre-release

Choose a tag to compare

@SoFMeRight SoFMeRight released this 17 Jul 01:28

📦 release — v0.0.2

Release type: prerelease • Commit: 2943723

Security: 🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve dev-2943723 latest-dev
cr.pcfae.com cr.pcfae.com/prplanit/polysieve dev-2943723 latest-dev
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:ff3c557541e138d383bef2f99ea6a5e6cfa1d43bbab34ad08dbf81c27ee49848

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:ff3c557541e138d383bef2f99ea6a5e6cfa1d43bbab34ad08dbf81c27ee49848

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.2-linux-amd64.tar.gz 1.4 MB 91ada669353e…
linux/arm64 polysieve-0.0.2-linux-arm64.tar.gz 1.3 MB 484bcdf334ac…
Full checksums
91ada669353ee22c0905fba54fb34fc8c6cc24d0c56a025c9e88bbd9ec755f92  polysieve-0.0.2-linux-amd64.tar.gz
484bcdf334ac88cef565f09f33e53e607b0bc89633244900ed72c69bd88e5079  polysieve-0.0.2-linux-arm64.tar.gz

Security

🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected

Vulnerability details (15 critical, 87 high, 102 medium, 8 low)
Severity CVE Package Installed Fixed Description
Critical CVE-2026-33186 google.golang.org/grpc v1.65.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/au...
Critical CVE-2025-68121 stdlib v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 During session resumption in crypto/tls, if the underlyin...
Critical GO-2026-4337 stdlib go1.24.6 1.24.13 During session resumption in crypto/tls, if the underlyin...
Critical CVE-2026-27143 stdlib go1.24.6 1.25.9 Arithmetic over induction variables in loops were not cor...
Critical GHSA-vgwf-h737-ff37 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: Invoking client can cause server dea...
Critical GHSA-f5wc-c3c7-36mc golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto doesn't drop invoking agent constrain...
Critical GHSA-p77j-4mvh-x3m3 google.golang.org/grpc v1.65.0 1.79.3 gRPC-Go has an authorization bypass via missing leading s...
Critical GHSA-5cgq-3rg8-m6cv golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto vulnerable to auth bypass via unenfor...
Critical GHSA-rm3j-f69w-wqmq golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto vulnerable to infinite loop on large ...
Critical GO-2026-5020 golang.org/x/crypto v0.31.0 0.52.0 When writing data larger than 4GB in a single Write call ...
Critical GHSA-x527-x647-q7gg golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: Invoking VerifiedPublicKeyCallback p...
Critical GHSA-89gr-r52h-f8rx golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto: FIDO/U2F security key physical prese...
Critical GO-2026-5019 golang.org/x/crypto v0.31.0 0.52.0 The Verify() method for FIDO/U2F security key types (sk-e...
Critical GHSA-jppx-rxg9-jmrx golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto doesn't enforce invoking key constraints
Critical GO-2026-5005 golang.org/x/crypto v0.31.0 0.52.0 The in-memory keyring returned by NewKeyring() silently a...
High CVE-2024-25621 github.com/containerd/containerd v1.7.23 1.7.29 github.com/containerd/containerd: containerd local privil...
High CVE-2026-53488 github.com/containerd/containerd v1.7.23 1.7.33 github.com/containerd/containerd: containerd: Host-root c...
High CVE-2025-15558 github.com/docker/cli v25.0.1+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation ...
High CVE-2026-34040 github.com/docker/docker v25.0.6+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability
High CVE-2026-41567 github.com/docker/docker v25.0.6+incompatible docker: Moby/Docker Engine: Arbitrary Code Execution via ...
High CVE-2026-42306 github.com/docker/docker v25.0.6+incompatible Moby is an open source container framework. In Docker Eng...
High CVE-2026-35469 github.com/moby/spdystream v0.4.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis...
High CVE-2025-22869 golang.org/x/crypto v0.31.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exc...
High CVE-2025-47913 golang.org/x/crypto v0.31.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag...
High CVE-2026-39828 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unautho...
High CVE-2026-39829 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2026-39830 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2026-39831 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Securit...
High CVE-2026-39832 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag...
High CVE-2026-39835 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:...
High CVE-2026-42508 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/...
High CVE-2026-46595 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authori...
High CVE-2026-46597 golang.org/x/crypto v0.31.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ...
High CVE-2024-45338 golang.org/x/net v0.26.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensi...
High CVE-2026-25681 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary c...
High CVE-2026-27136 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
High CVE-2026-33814 golang.org/x/net v0.26.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39821 golang.org/x/net v0.26.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri...
High CVE-2025-22868 golang.org/x/oauth2 v0.21.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption du...
High CVE-2025-53547 helm.sh/helm/v3 v3.16.4 3.18.4, 3.17.4 helm.sh/helm/v3: Helm Chart Code Execution
High CVE-2025-61726 stdlib v1.24.6 1.24.12, 1.25.6 The net/url package does not set a limit on the number of...
High CVE-2025-61729 stdlib v1.24.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive r...
High CVE-2026-25679 stdlib v1.24.6 1.25.8, 1.26.1 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27145 stdlib v1.24.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Servic...
High CVE-2026-32280 stdlib v1.24.6 1.25.9, 1.26.2 During chain building, the amount of work that is done is...
High CVE-2026-32281 stdlib v1.24.6 1.25.9, 1.26.2 Validating certificate chains which use policies is unexp...
High CVE-2026-32283 stdlib v1.24.6 1.25.9, 1.26.2 If one side of the TLS connection sends multiple key upda...
High CVE-2026-33811 stdlib v1.24.6 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very ...
High CVE-2026-33814 stdlib v1.24.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39820 stdlib v1.24.6 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High CVE-2026-39822 stdlib v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 On Unix systems, opening a file in an os.Root improperly ...
High CVE-2026-39836 stdlib v1.24.6 1.25.10, 1.26.3 The Dial and LookupPort functions panic on Windows when p...
High CVE-2026-42499 stdlib v1.24.6 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase...
High CVE-2026-42504 stdlib v1.24.6 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing man...
High GHSA-x744-4wpc-v9h2 github.com/docker/docker v25.0.6+incompatible 29.3.1 Moby has AuthZ plugin bypass when provided oversized requ...
High GO-2026-5037 stdlib go1.24.6 1.25.11 (*x509.Certificate).VerifyHostname previously called matc...
High GHSA-hcg3-q754-cr77 golang.org/x/crypto v0.31.0 0.35.0 golang.org/x/crypto Vulnerable to Denial of Service (DoS)...
High GO-2025-3487 golang.org/x/crypto v0.31.0 0.35.0 SSH servers which implement file transfer protocols are v...
High GO-2026-4981 stdlib go1.24.6 1.25.10 When using LookupCNAME with the cgo DNS resolver, a very ...
High GHSA-6v2p-p543-phr9 golang.org/x/oauth2 v0.21.0 0.27.0 golang.org/x/oauth2 Improper Validation of Syntactic Corr...
High GO-2025-3488 golang.org/x/oauth2 v0.21.0 0.27.0 An attacker can pass a malicious malformed token which ca...
High G...
Read more