Releases: PrPlanIT/PolySieve
Release list
v0.0.2
📦 release — v0.0.2
Release type: latest • Commit:
2943723
Security: 🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
v0.0.2 latest |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
v0.0.2 latest |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.2-linux-amd64.tar.gz |
1.4 MB | 031857e296e8… |
linux/arm64 |
polysieve-0.0.2-linux-arm64.tar.gz |
1.3 MB | 3787d6453056… |
Full checksums
031857e296e80973b9f2e00eb986c932bc10b3be257cb33f0f1d37a8e3f6dbf2 polysieve-0.0.2-linux-amd64.tar.gz
3787d645305602d7d9d8af174e3311e10985068441f3ff04a1431d36057b31e2 polysieve-0.0.2-linux-arm64.tar.gz
Highlights
- helm: best-effort HelmRelease rendering for cluster-absent runs
- cluster: best-effort live-cluster augmentation for blind backends
- honesty-gate: never prune a port PolySieve cannot account for
Notable Changes
Features
- helm: best-effort HelmRelease rendering for cluster-absent runs (SoFMeRight)
- cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight) ×3
Security
🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected
Vulnerability details (15 critical, 87 high, 102 medium, 8 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | CVE-2026-33186 | google.golang.org/grpc | v1.65.0 | 1.79.3 | google.golang.org/grpc/grpc-go: google.golang.org/grpc/au... |
| Critical | CVE-2025-68121 | stdlib | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | During session resumption in crypto/tls, if the underlyin... |
| Critical | GO-2026-4337 | stdlib | go1.24.6 | 1.24.13 | During session resumption in crypto/tls, if the underlyin... |
| Critical | CVE-2026-27143 | stdlib | go1.24.6 | 1.25.9 | Arithmetic over induction variables in loops were not cor... |
| Critical | GHSA-vgwf-h737-ff37 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking client can cause server dea... |
| Critical | GHSA-f5wc-c3c7-36mc | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't drop invoking agent constrain... |
| Critical | GHSA-p77j-4mvh-x3m3 | google.golang.org/grpc | v1.65.0 | 1.79.3 | gRPC-Go has an authorization bypass via missing leading s... |
| Critical | GHSA-5cgq-3rg8-m6cv | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to auth bypass via unenfor... |
| Critical | GHSA-rm3j-f69w-wqmq | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to infinite loop on large ... |
| Critical | GO-2026-5020 | golang.org/x/crypto | v0.31.0 | 0.52.0 | When writing data larger than 4GB in a single Write call ... |
| Critical | GHSA-x527-x647-q7gg | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking VerifiedPublicKeyCallback p... |
| Critical | GHSA-89gr-r52h-f8rx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: FIDO/U2F security key physical prese... |
| Critical | GO-2026-5019 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The Verify() method for FIDO/U2F security key types (sk-e... |
| Critical | GHSA-jppx-rxg9-jmrx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't enforce invoking key constraints |
| Critical | GO-2026-5005 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The in-memory keyring returned by NewKeyring() silently a... |
| High | CVE-2024-25621 | github.com/containerd/containerd | v1.7.23 | 1.7.29 | github.com/containerd/containerd: containerd local privil... |
| High | CVE-2026-53488 | github.com/containerd/containerd | v1.7.23 | 1.7.33 | github.com/containerd/containerd: containerd: Host-root c... |
| High | CVE-2025-15558 | github.com/docker/cli | v25.0.1+incompatible | 29.2.0 | docker/cli: Docker CLI for Windows: Privilege escalation ... |
| High | CVE-2026-34040 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby: Moby: Authorization bypass vulnerability |
| High | CVE-2026-41567 | github.com/docker/docker | v25.0.6+incompatible | — | docker: Moby/Docker Engine: Arbitrary Code Execution via ... |
| High | CVE-2026-42306 | github.com/docker/docker | v25.0.6+incompatible | — | Moby is an open source container framework. In Docker Eng... |
| High | CVE-2026-35469 | github.com/moby/spdystream | v0.4.0 | 0.5.1 | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis... |
| High | CVE-2025-22869 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto/ssh: Denial of Service in the Key Exc... |
| High | CVE-2025-47913 | golang.org/x/crypto | v0.31.0 | 0.43.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39828 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unautho... |
| High | CVE-2026-39829 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39830 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39831 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Securit... |
| High | CVE-2026-39832 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39835 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:... |
| High | CVE-2026-42508 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/... |
| High | CVE-2026-46595 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authori... |
| High | CVE-2026-46597 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2024-45338 | golang.org/x/net | v0.26.0 | 0.33.0 | golang.org/x/net/html: Non-linear parsing of case-insensi... |
| High | CVE-2026-25681 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Arbitrary c... |
| High | CVE-2026-27136 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| High | CVE-2026-33814 | golang.org/x/net | v0.26.0 | 0.53.0 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39821 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri... |
| High | CVE-2025-22868 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | golang.org/x/oauth2/jws: Unexpected memory consumption du... |
| High | CVE-2025-53547 | helm.sh/helm/v3 | v3.16.4 | 3.18.4, 3.17.4 | helm.sh/helm/v3: Helm Chart Code Execution |
| High | CVE-2025-61726 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | The net/url package does not set a limit on the number of... |
| High | CVE-2025-61729 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive r... |
| High | CVE-2026-25679 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27145 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | crypto/x509: golang: golang crypto/x509: Denial of Servic... |
| High | CVE-2026-32280 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | During chain building, the amount of work that is done is... |
| High | CVE-2026-32281 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-32283 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | If one side of the TLS connection sends multiple key upda... |
| High | CVE-2026-33811 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | CVE-2026-33814 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39820 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | CVE-2026-39822 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | On Unix systems, opening a file in an os.Root improperly ... |
| High | CVE-2026-39836 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | The Dial and LookupPort functions panic on Windows when p... |
| High | CVE-2026-42499 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Pathological inputs could cause DoS through consumePhrase... |
| High | CVE-2026-42504 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | Decoding a maliciously-crafted MIME header containing man... |
| High | GHSA-x744-4wpc-v9h2 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby has AuthZ plugin bypass when provided oversized requ... |
| High | GO-2026-5037 | stdlib | go1.24.6 | 1.25.11 | (*x509.Certificate).VerifyHostname previously called matc... |
| High | GHSA-hcg3-q754-cr77 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto Vulnerable to Denial ... |
latest-dev
📦 release — v0.0.1-dev+c154158
Release type: prerelease • Commit:
c154158
Security: 🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
dev-c154158 latest-dev |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
dev-c154158 latest-dev |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz |
1.3 MB | 1a9dac1a335c… |
linux/arm64 |
polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz |
1.2 MB | 2716992f7e1c… |
Full checksums
1a9dac1a335cc52bc4a401b9eab37bf851a630481010d6ae6ceca506b5f9d4f4 polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz
2716992f7e1ca4e6249d8344fdad1b081733738811c49bb70c3abe66b25dcb5c polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz
Notable Changes
Features
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight)
Security
🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)
Vulnerability details (3 medium)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Medium | CVE-2025-60876 | busybox | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | busybox-binsh | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | ssl_client | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
Full changelog
- [
c154158] never prune a port PolySieve cannot account for (SoFMeRight) - [
392598d] refresh generated docs and badges (stagefreight)
dev-c154158
📦 release — v0.0.1-dev+c154158
Release type: prerelease • Commit:
c154158
Security: 🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
dev-c154158 latest-dev |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
dev-c154158 latest-dev |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:8638280df0b3fd5357747aaf0e8830984f5b55aede0fe57ab293241a44eb5314
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz |
1.3 MB | 1a9dac1a335c… |
linux/arm64 |
polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz |
1.2 MB | 2716992f7e1c… |
Full checksums
1a9dac1a335cc52bc4a401b9eab37bf851a630481010d6ae6ceca506b5f9d4f4 polysieve-0.0.1-dev+c154158-linux-amd64.tar.gz
2716992f7e1ca4e6249d8344fdad1b081733738811c49bb70c3abe66b25dcb5c polysieve-0.0.1-dev+c154158-linux-arm64.tar.gz
Notable Changes
Features
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight)
Security
🛡️ ✅ Passed — 3 vulnerabilities (3 medium, 0 low)
Vulnerability details (3 medium)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Medium | CVE-2025-60876 | busybox | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | busybox-binsh | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | ssl_client | 1.37.0-r31 | — | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
Full changelog
- [
c154158] never prune a port PolySieve cannot account for (SoFMeRight) - [
392598d] refresh generated docs and badges (stagefreight)
dev-af24b4a
📦 release — v0.0.1-dev+af24b4a
Release type: prerelease • Commit:
af24b4a
Security: 🛡️ ❌ Critical — 3 critical and 45 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
dev-af24b4a latest-dev |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
dev-af24b4a latest-dev |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz |
1.3 MB | b69696c75c4d… |
linux/arm64 |
polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz |
1.2 MB | 00aa992bd35c… |
Full checksums
b69696c75c4dd35e05b33d58efe5dfeedfdb3dc7ffe555c3a739a36cbd9bed49 polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz
00aa992bd35c1540ce8f6cfc56c89f0810d55883d0c1447377718ae3ee74d287 polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz
Notable Changes
Features
- cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight) ×2
Security
🛡️ ❌ Critical — 3 critical and 45 high vulnerabilities detected
Vulnerability details (3 critical, 45 high, 59 medium, 4 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | CVE-2025-68121 | stdlib | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | During session resumption in crypto/tls, if the underlyin... |
| Critical | GO-2026-4337 | stdlib | go1.24.6 | 1.24.13 | During session resumption in crypto/tls, if the underlyin... |
| Critical | CVE-2026-27143 | stdlib | go1.24.6 | 1.25.9 | Arithmetic over induction variables in loops were not cor... |
| High | CVE-2026-35469 | github.com/moby/spdystream | v0.5.0 | 0.5.1 | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis... |
| High | CVE-2026-25681 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Arbitrary c... |
| High | CVE-2026-27136 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| High | CVE-2026-33814 | golang.org/x/net | v0.38.0 | 0.53.0 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39821 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri... |
| High | CVE-2025-61726 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | The net/url package does not set a limit on the number of... |
| High | CVE-2025-61729 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive r... |
| High | CVE-2026-25679 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27145 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | crypto/x509: golang: golang crypto/x509: Denial of Servic... |
| High | CVE-2026-32280 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | During chain building, the amount of work that is done is... |
| High | CVE-2026-32281 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-32283 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | If one side of the TLS connection sends multiple key upda... |
| High | CVE-2026-33811 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | CVE-2026-33814 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39820 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | CVE-2026-39822 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | On Unix systems, opening a file in an os.Root improperly ... |
| High | CVE-2026-39836 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | The Dial and LookupPort functions panic on Windows when p... |
| High | CVE-2026-42499 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Pathological inputs could cause DoS through consumePhrase... |
| High | CVE-2026-42504 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | Decoding a maliciously-crafted MIME header containing man... |
| High | GO-2026-4341 | stdlib | go1.24.6 | 1.24.12 | The net/url package does not set a limit on the number of... |
| High | GO-2026-5037 | stdlib | go1.24.6 | 1.25.11 | (*x509.Certificate).VerifyHostname previously called matc... |
| High | GO-2026-4981 | stdlib | go1.24.6 | 1.25.10 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | GO-2026-4977 | stdlib | go1.24.6 | 1.25.10 | Pathological inputs could cause DoS through consumePhrase... |
| High | GO-2026-4986 | stdlib | go1.24.6 | 1.25.10 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | GO-2026-4918 | golang.org/x/net | v0.38.0 | 0.53.0 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4918 | stdlib | go1.24.6 | 1.25.10 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4601 | stdlib | go1.24.6 | 1.25.8 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27140 | stdlib | go1.24.6 | 1.25.9 | SWIG file names containing 'cgo' and well-crafted payload... |
| High | GHSA-pc3f-x583-g7j2 | github.com/moby/spdystream | v0.5.0 | 0.5.1 | SpdyStream: DOS on CRI |
| High | GO-2025-4009 | stdlib | go1.24.6 | 1.24.8 | The processing time for parsing some invalid inputs scale... |
| High | GO-2026-4870 | stdlib | go1.24.6 | 1.25.9 | If one side of the TLS connection sends multiple key upda... |
| High | GO-2026-4947 | stdlib | go1.24.6 | 1.25.9 | During chain building, the amount of work that is done is... |
| High | GO-2025-4006 | stdlib | go1.24.6 | 1.24.8 | The ParseAddress function constructs domain-literal addre... |
| High | GO-2026-4971 | stdlib | go1.24.6 | 1.25.10 | The Dial and LookupPort functions panic on Windows when p... |
| High | GO-2026-5038 | stdlib | go1.24.6 | 1.25.11 | Decoding a maliciously-crafted MIME header containing man... |
| High | CVE-2025-61731 | stdlib | go1.24.6 | 1.24.12 | Building a malicious file with cmd/go can cause can cause... |
| High | GO-2026-5026 | golang.org/x/net | v0.38.0 | 0.55.0 | The ToASCII and ToUnicode functions incorrectly accept Pu... |
| High | CVE-2025-61732 | stdlib | go1.24.6 | 1.24.13 | A discrepancy between how Go and C/C++ comments were pars... |
| High | GO-2025-4155 | stdlib | go1.24.6 | 1.24.11 | Within HostnameError.Error(), when constructing an error ... |
| High | GO-2025-4007 | stdlib | go1.24.6 | 1.24.9 | Due to the design of the name constraint checking algorit... |
| High | GO-2025-4013 | stdlib | go1.24.6 | 1.24.8 | Validating certificate chains which contain DSA public ke... |
| High | GO-2026-4946 | stdlib | go1.24.6 | 1.25.9 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-27144 | stdlib | go1.24.6 | 1.25.9 | The compiler is meant to unwrap pointers which are the op... |
| High | CVE-2026-42501 | stdlib | go1.24.6 | 1.25.10 | A malicious module proxy can exploit a flaw in the go com... |
| High | GO-2026-4970 | stdlib | go1.24.6 | 1.25.12 | On Unix systems, opening a file in an os.Root improperly ... |
| Medium | CVE-2025-47911 | golang.org/x/net | v0.38.0 | 0.45.0 | golang.org/x/net/html: Quadratic parsing complexity in go... |
| Medium | CVE-2025-58190 | golang.org/x/net | v0.38.0 | 0.45.0 | golang.org/x/net/html: Infinite parsing loop in golang.or... |
| Medium | CVE-2026-25680 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Denial of S... |
| Medium | CVE-2026-42502 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| Medium | CVE-2026-42506 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Cross-Site ... |
| Medium | CVE-2025-13281 | k8s.io/kubernetes | v1.34.0 | 1.32.10, 1.33.6, 1.34.2 | kube-controller-manager: Portworx Half-Blind SSRF in kube... |
| Medium | CVE-2025-47912 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Parse function permits values other than IPv6 address... |
| Medium | CVE-2025-58183 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | tar.Reader does not set a maximum size on the number of s... |
| Medium | CVE-2025-58185 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Parsing a maliciously crafted DER payload could allocate ... |
| Medium | CVE-2025-58187 | stdlib | v1.24.6 | 1.24.9, 1.25.3 | Due to the design of the name constraint checking algorit... |
| Medium | CVE-2025-58188 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Validating certificate chains which contain DSA public ke... |
| Medium | CVE-2025-58189 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | When Conn.Handshake fails during ALPN negotiation the err... |
| Medium | CVE-2025-61723 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The processing time for parsing some invalid inputs scale... |
| Medium | CVE-2025-61724 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Reader.ReadResponse function constructs a response st... |
| Medium | CVE-2025-61725 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The ParseAddress function c... |
dev-2943723
📦 release — v0.0.2
Release type: prerelease • Commit:
2943723
Security: 🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
dev-2943723 latest-dev |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
dev-2943723 latest-dev |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:ff3c557541e138d383bef2f99ea6a5e6cfa1d43bbab34ad08dbf81c27ee49848
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:ff3c557541e138d383bef2f99ea6a5e6cfa1d43bbab34ad08dbf81c27ee49848
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.2-linux-amd64.tar.gz |
1.4 MB | 91ada669353e… |
linux/arm64 |
polysieve-0.0.2-linux-arm64.tar.gz |
1.3 MB | 484bcdf334ac… |
Full checksums
91ada669353ee22c0905fba54fb34fc8c6cc24d0c56a025c9e88bbd9ec755f92 polysieve-0.0.2-linux-amd64.tar.gz
484bcdf334ac88cef565f09f33e53e607b0bc89633244900ed72c69bd88e5079 polysieve-0.0.2-linux-arm64.tar.gz
Security
🛡️ ❌ Critical — 15 critical and 87 high vulnerabilities detected
Vulnerability details (15 critical, 87 high, 102 medium, 8 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | CVE-2026-33186 | google.golang.org/grpc | v1.65.0 | 1.79.3 | google.golang.org/grpc/grpc-go: google.golang.org/grpc/au... |
| Critical | CVE-2025-68121 | stdlib | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | During session resumption in crypto/tls, if the underlyin... |
| Critical | GO-2026-4337 | stdlib | go1.24.6 | 1.24.13 | During session resumption in crypto/tls, if the underlyin... |
| Critical | CVE-2026-27143 | stdlib | go1.24.6 | 1.25.9 | Arithmetic over induction variables in loops were not cor... |
| Critical | GHSA-vgwf-h737-ff37 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking client can cause server dea... |
| Critical | GHSA-f5wc-c3c7-36mc | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't drop invoking agent constrain... |
| Critical | GHSA-p77j-4mvh-x3m3 | google.golang.org/grpc | v1.65.0 | 1.79.3 | gRPC-Go has an authorization bypass via missing leading s... |
| Critical | GHSA-5cgq-3rg8-m6cv | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to auth bypass via unenfor... |
| Critical | GHSA-rm3j-f69w-wqmq | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to infinite loop on large ... |
| Critical | GO-2026-5020 | golang.org/x/crypto | v0.31.0 | 0.52.0 | When writing data larger than 4GB in a single Write call ... |
| Critical | GHSA-x527-x647-q7gg | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking VerifiedPublicKeyCallback p... |
| Critical | GHSA-89gr-r52h-f8rx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: FIDO/U2F security key physical prese... |
| Critical | GO-2026-5019 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The Verify() method for FIDO/U2F security key types (sk-e... |
| Critical | GHSA-jppx-rxg9-jmrx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't enforce invoking key constraints |
| Critical | GO-2026-5005 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The in-memory keyring returned by NewKeyring() silently a... |
| High | CVE-2024-25621 | github.com/containerd/containerd | v1.7.23 | 1.7.29 | github.com/containerd/containerd: containerd local privil... |
| High | CVE-2026-53488 | github.com/containerd/containerd | v1.7.23 | 1.7.33 | github.com/containerd/containerd: containerd: Host-root c... |
| High | CVE-2025-15558 | github.com/docker/cli | v25.0.1+incompatible | 29.2.0 | docker/cli: Docker CLI for Windows: Privilege escalation ... |
| High | CVE-2026-34040 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby: Moby: Authorization bypass vulnerability |
| High | CVE-2026-41567 | github.com/docker/docker | v25.0.6+incompatible | — | docker: Moby/Docker Engine: Arbitrary Code Execution via ... |
| High | CVE-2026-42306 | github.com/docker/docker | v25.0.6+incompatible | — | Moby is an open source container framework. In Docker Eng... |
| High | CVE-2026-35469 | github.com/moby/spdystream | v0.4.0 | 0.5.1 | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis... |
| High | CVE-2025-22869 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto/ssh: Denial of Service in the Key Exc... |
| High | CVE-2025-47913 | golang.org/x/crypto | v0.31.0 | 0.43.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39828 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unautho... |
| High | CVE-2026-39829 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39830 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39831 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Securit... |
| High | CVE-2026-39832 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39835 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:... |
| High | CVE-2026-42508 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/... |
| High | CVE-2026-46595 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authori... |
| High | CVE-2026-46597 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2024-45338 | golang.org/x/net | v0.26.0 | 0.33.0 | golang.org/x/net/html: Non-linear parsing of case-insensi... |
| High | CVE-2026-25681 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Arbitrary c... |
| High | CVE-2026-27136 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| High | CVE-2026-33814 | golang.org/x/net | v0.26.0 | 0.53.0 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39821 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri... |
| High | CVE-2025-22868 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | golang.org/x/oauth2/jws: Unexpected memory consumption du... |
| High | CVE-2025-53547 | helm.sh/helm/v3 | v3.16.4 | 3.18.4, 3.17.4 | helm.sh/helm/v3: Helm Chart Code Execution |
| High | CVE-2025-61726 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | The net/url package does not set a limit on the number of... |
| High | CVE-2025-61729 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive r... |
| High | CVE-2026-25679 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27145 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | crypto/x509: golang: golang crypto/x509: Denial of Servic... |
| High | CVE-2026-32280 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | During chain building, the amount of work that is done is... |
| High | CVE-2026-32281 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-32283 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | If one side of the TLS connection sends multiple key upda... |
| High | CVE-2026-33811 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | CVE-2026-33814 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39820 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | CVE-2026-39822 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | On Unix systems, opening a file in an os.Root improperly ... |
| High | CVE-2026-39836 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | The Dial and LookupPort functions panic on Windows when p... |
| High | CVE-2026-42499 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Pathological inputs could cause DoS through consumePhrase... |
| High | CVE-2026-42504 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | Decoding a maliciously-crafted MIME header containing man... |
| High | GHSA-x744-4wpc-v9h2 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby has AuthZ plugin bypass when provided oversized requ... |
| High | GO-2026-5037 | stdlib | go1.24.6 | 1.25.11 | (*x509.Certificate).VerifyHostname previously called matc... |
| High | GHSA-hcg3-q754-cr77 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto Vulnerable to Denial of Service (DoS)... |
| High | GO-2025-3487 | golang.org/x/crypto | v0.31.0 | 0.35.0 | SSH servers which implement file transfer protocols are v... |
| High | GO-2026-4981 | stdlib | go1.24.6 | 1.25.10 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | GHSA-6v2p-p543-phr9 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | golang.org/x/oauth2 Improper Validation of Syntactic Corr... |
| High | GO-2025-3488 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | An attacker can pass a malicious malformed token which ca... |
| High | G... |