π¦ release β v0.0.2
Release type: latest β’ Commit:
2943723
Security: π‘οΈ β Critical β 15 critical and 87 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
v0.0.2 latest |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
v0.0.2 latest |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:81ed9787432ea247f2f5939aa57aa1eedcd9437cfa452c8a1def90a31d30c557
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.2-linux-amd64.tar.gz |
1.4 MB | 031857e296e8β¦ |
linux/arm64 |
polysieve-0.0.2-linux-arm64.tar.gz |
1.3 MB | 3787d6453056β¦ |
Full checksums
031857e296e80973b9f2e00eb986c932bc10b3be257cb33f0f1d37a8e3f6dbf2 polysieve-0.0.2-linux-amd64.tar.gz
3787d645305602d7d9d8af174e3311e10985068441f3ff04a1431d36057b31e2 polysieve-0.0.2-linux-arm64.tar.gz
Highlights
- helm: best-effort HelmRelease rendering for cluster-absent runs
- cluster: best-effort live-cluster augmentation for blind backends
- honesty-gate: never prune a port PolySieve cannot account for
Notable Changes
Features
- helm: best-effort HelmRelease rendering for cluster-absent runs (SoFMeRight)
- cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight) Γ3
Security
π‘οΈ β Critical β 15 critical and 87 high vulnerabilities detected
Vulnerability details (15 critical, 87 high, 102 medium, 8 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | CVE-2026-33186 | google.golang.org/grpc | v1.65.0 | 1.79.3 | google.golang.org/grpc/grpc-go: google.golang.org/grpc/au... |
| Critical | CVE-2025-68121 | stdlib | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | During session resumption in crypto/tls, if the underlyin... |
| Critical | GO-2026-4337 | stdlib | go1.24.6 | 1.24.13 | During session resumption in crypto/tls, if the underlyin... |
| Critical | CVE-2026-27143 | stdlib | go1.24.6 | 1.25.9 | Arithmetic over induction variables in loops were not cor... |
| Critical | GHSA-vgwf-h737-ff37 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking client can cause server dea... |
| Critical | GHSA-f5wc-c3c7-36mc | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't drop invoking agent constrain... |
| Critical | GHSA-p77j-4mvh-x3m3 | google.golang.org/grpc | v1.65.0 | 1.79.3 | gRPC-Go has an authorization bypass via missing leading s... |
| Critical | GHSA-5cgq-3rg8-m6cv | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to auth bypass via unenfor... |
| Critical | GHSA-rm3j-f69w-wqmq | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to infinite loop on large ... |
| Critical | GO-2026-5020 | golang.org/x/crypto | v0.31.0 | 0.52.0 | When writing data larger than 4GB in a single Write call ... |
| Critical | GHSA-x527-x647-q7gg | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking VerifiedPublicKeyCallback p... |
| Critical | GHSA-89gr-r52h-f8rx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: FIDO/U2F security key physical prese... |
| Critical | GO-2026-5019 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The Verify() method for FIDO/U2F security key types (sk-e... |
| Critical | GHSA-jppx-rxg9-jmrx | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto doesn't enforce invoking key constraints |
| Critical | GO-2026-5005 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The in-memory keyring returned by NewKeyring() silently a... |
| High | CVE-2024-25621 | github.com/containerd/containerd | v1.7.23 | 1.7.29 | github.com/containerd/containerd: containerd local privil... |
| High | CVE-2026-53488 | github.com/containerd/containerd | v1.7.23 | 1.7.33 | github.com/containerd/containerd: containerd: Host-root c... |
| High | CVE-2025-15558 | github.com/docker/cli | v25.0.1+incompatible | 29.2.0 | docker/cli: Docker CLI for Windows: Privilege escalation ... |
| High | CVE-2026-34040 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby: Moby: Authorization bypass vulnerability |
| High | CVE-2026-41567 | github.com/docker/docker | v25.0.6+incompatible | β | docker: Moby/Docker Engine: Arbitrary Code Execution via ... |
| High | CVE-2026-42306 | github.com/docker/docker | v25.0.6+incompatible | β | Moby is an open source container framework. In Docker Eng... |
| High | CVE-2026-35469 | github.com/moby/spdystream | v0.4.0 | 0.5.1 | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis... |
| High | CVE-2025-22869 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto/ssh: Denial of Service in the Key Exc... |
| High | CVE-2025-47913 | golang.org/x/crypto | v0.31.0 | 0.43.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39828 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unautho... |
| High | CVE-2026-39829 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39830 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2026-39831 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Securit... |
| High | CVE-2026-39832 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| High | CVE-2026-39835 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:... |
| High | CVE-2026-42508 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/... |
| High | CVE-2026-46595 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authori... |
| High | CVE-2026-46597 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| High | CVE-2024-45338 | golang.org/x/net | v0.26.0 | 0.33.0 | golang.org/x/net/html: Non-linear parsing of case-insensi... |
| High | CVE-2026-25681 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Arbitrary c... |
| High | CVE-2026-27136 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| High | CVE-2026-33814 | golang.org/x/net | v0.26.0 | 0.53.0 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39821 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri... |
| High | CVE-2025-22868 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | golang.org/x/oauth2/jws: Unexpected memory consumption du... |
| High | CVE-2025-53547 | helm.sh/helm/v3 | v3.16.4 | 3.18.4, 3.17.4 | helm.sh/helm/v3: Helm Chart Code Execution |
| High | CVE-2025-61726 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | The net/url package does not set a limit on the number of... |
| High | CVE-2025-61729 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive r... |
| High | CVE-2026-25679 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27145 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | crypto/x509: golang: golang crypto/x509: Denial of Servic... |
| High | CVE-2026-32280 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | During chain building, the amount of work that is done is... |
| High | CVE-2026-32281 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-32283 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | If one side of the TLS connection sends multiple key upda... |
| High | CVE-2026-33811 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | CVE-2026-33814 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39820 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | CVE-2026-39822 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | On Unix systems, opening a file in an os.Root improperly ... |
| High | CVE-2026-39836 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | The Dial and LookupPort functions panic on Windows when p... |
| High | CVE-2026-42499 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Pathological inputs could cause DoS through consumePhrase... |
| High | CVE-2026-42504 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | Decoding a maliciously-crafted MIME header containing man... |
| High | GHSA-x744-4wpc-v9h2 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | Moby has AuthZ plugin bypass when provided oversized requ... |
| High | GO-2026-5037 | stdlib | go1.24.6 | 1.25.11 | (*x509.Certificate).VerifyHostname previously called matc... |
| High | GHSA-hcg3-q754-cr77 | golang.org/x/crypto | v0.31.0 | 0.35.0 | golang.org/x/crypto Vulnerable to Denial of Service (DoS)... |
| High | GO-2025-3487 | golang.org/x/crypto | v0.31.0 | 0.35.0 | SSH servers which implement file transfer protocols are v... |
| High | GO-2026-4981 | stdlib | go1.24.6 | 1.25.10 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | GHSA-6v2p-p543-phr9 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | golang.org/x/oauth2 Improper Validation of Syntactic Corr... |
| High | GO-2025-3488 | golang.org/x/oauth2 | v0.21.0 | 0.27.0 | An attacker can pass a malicious malformed token which ca... |
| High | GO-2026-4977 | stdlib | go1.24.6 | 1.25.10 | Pathological inputs could cause DoS through consumePhrase... |
| High | GO-2026-4986 | stdlib | go1.24.6 | 1.25.10 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | GO-2026-4918 | golang.org/x/net | v0.26.0 | 0.53.0 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4918 | stdlib | go1.24.6 | 1.25.10 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4341 | stdlib | go1.24.6 | 1.24.12 | The net/url package does not set a limit on the number of... |
| High | CVE-2026-27140 | stdlib | go1.24.6 | 1.25.9 | SWIG file names containing 'cgo' and well-crafted payload... |
| High | GHSA-pc3f-x583-g7j2 | github.com/moby/spdystream | v0.4.0 | 0.5.1 | SpdyStream: DOS on CRI |
| High | GO-2025-4116 | golang.org/x/crypto | v0.31.0 | 0.43.0 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a ... |
| High | GO-2025-4009 | stdlib | go1.24.6 | 1.24.8 | The processing time for parsing some invalid inputs scale... |
| High | GO-2026-4870 | stdlib | go1.24.6 | 1.25.9 | If one side of the TLS connection sends multiple key upda... |
| High | GO-2026-4947 | stdlib | go1.24.6 | 1.25.9 | During chain building, the amount of work that is done is... |
| High | GO-2025-4006 | stdlib | go1.24.6 | 1.24.8 | The ParseAddress function constructs domain-literal addre... |
| High | GO-2026-4971 | stdlib | go1.24.6 | 1.25.10 | The Dial and LookupPort functions panic on Windows when p... |
| High | GO-2026-5006 | golang.org/x/crypto | v0.31.0 | 0.52.0 | When adding a key to a remote agent constraint extensions... |
| High | GO-2026-5038 | stdlib | go1.24.6 | 1.25.11 | Decoding a maliciously-crafted MIME header containing man... |
| High | CVE-2025-61731 | stdlib | go1.24.6 | 1.24.12 | Building a malicious file with cmd/go can cause can cause... |
| High | GO-2026-5017 | golang.org/x/crypto | v0.31.0 | 0.52.0 | A malicious SSH peer could send unsolicited global reques... |
| High | GO-2026-4601 | stdlib | go1.24.6 | 1.25.8 | url.Parse insufficiently validated the host/authority com... |
| High | GO-2026-5026 | golang.org/x/net | v0.26.0 | 0.55.0 | The ToASCII and ToUnicode functions incorrectly accept Pu... |
| High | CVE-2025-61732 | stdlib | go1.24.6 | 1.24.13 | A discrepancy between how Go and C/C++ comments were pars... |
| High | GO-2026-5021 | golang.org/x/crypto | v0.31.0 | 0.52.0 | Previously, a revoked 'SignatureKey' belonging to a CA wa... |
| High | GO-2025-4155 | stdlib | go1.24.6 | 1.24.11 | Within HostnameError.Error(), when constructing an error ... |
| High | GHSA-p436-gjf2-799p | github.com/docker/cli | v25.0.1+incompatible | 29.2.0 | Docker CLI Plugins: Uncontrolled Search Path Element Lead... |
| High | GO-2026-5023 | golang.org/x/crypto | v0.31.0 | 0.52.0 | Previously, CVE-2024-45337 fixed an authorization bypass ... |
| High | GHSA-w879-237q-wc7r | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking pathological RSA/DSA parame... |
| High | GO-2026-5018 | golang.org/x/crypto | v0.31.0 | 0.52.0 | The RSA and DSA public key parsers did not enforce size l... |
| High | GO-2026-5015 | golang.org/x/crypto | v0.31.0 | 0.52.0 | SSH servers which use CertChecker as a public key callbac... |
| High | GHSA-557j-xg8c-q2mm | helm.sh/helm/v3 | v3.16.4 | 3.17.4 | Helm vulnerable to Code Injection through malicious chart... |
| High | GO-2025-4007 | stdlib | go1.24.6 | 1.24.9 | Due to the design of the name constraint checking algorit... |
| High | GO-2025-4013 | stdlib | go1.24.6 | 1.24.8 | Validating certificate chains which contain DSA public ke... |
| High | GHSA-q4h4-gmj2-qvw2 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking byte arithmetic causes unde... |
| High | GO-2026-5013 | golang.org/x/crypto | v0.31.0 | 0.52.0 | An incorrectly placed cast from bytes to int allowed for ... |
| High | GO-2026-4946 | stdlib | go1.24.6 | 1.25.9 | Validating certificate chains which use policies is unexp... |
| High | GO-2026-5014 | golang.org/x/crypto | v0.31.0 | 0.52.0 | When an SSH server authentication callback returned Parti... |
| High | CVE-2026-27144 | stdlib | go1.24.6 | 1.25.9 | The compiler is meant to unwrap pointers which are the op... |
| High | CVE-2026-42501 | stdlib | go1.24.6 | 1.25.10 | A malicious module proxy can exploit a flaw in the go com... |
| High | GHSA-xhf5-7wjv-pqxp | github.com/containerd/containerd | v1.7.23 | 1.7.33 | containerd CRI β image-config LABEL flows to restart-... |
| High | GO-2026-4970 | stdlib | go1.24.6 | 1.25.12 | On Unix systems, opening a file in an os.Root improperly ... |
| High | GHSA-pwhc-rpq9-4c8w | github.com/containerd/containerd | v1.7.23 | 1.7.29 | containerd affected by a local privilege escalation via w... |
| High | GHSA-x86f-5xw2-fm2r | github.com/docker/docker | v25.0.6+incompatible | β | Docker: PUT /containers/{id}/archive executes container... |
| High | GHSA-rg2x-37c3-w2rh | github.com/docker/docker | v25.0.6+incompatible | β | Docker: Race condition in docker cp allows bind mount red... |
| Medium | CVE-2024-40635 | github.com/containerd/containerd | v1.7.23 | 1.7.27, 1.6.38 | containerd: containerd has an integer overflow in User ID... |
| Medium | CVE-2025-64329 | github.com/containerd/containerd | v1.7.23 | 1.7.29 | github.com/containerd/containerd: containerd: Memory exha... |
| Medium | CVE-2026-47262 | github.com/containerd/containerd | v1.7.23 | 1.7.33 | github.com/containerd/containerd: containerd: Denial of S... |
| Medium | CVE-2026-33997 | github.com/docker/docker | v25.0.6+incompatible | 29.3.1 | moby: docker: github.com/moby/moby: Moby: Privilege valid... |
| Medium | CVE-2026-41568 | github.com/docker/docker | v25.0.6+incompatible | β | github.com/docker/docker: github.com/moby/moby: Moby: Den... |
| Medium | CVE-2025-47914 | golang.org/x/crypto | v0.31.0 | 0.45.0 | golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial ... |
| Medium | CVE-2025-58181 | golang.org/x/crypto | v0.31.0 | 0.45.0 | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial ... |
| Medium | CVE-2026-39827 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:... |
| Medium | CVE-2026-39833 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/ag... |
| Medium | CVE-2026-39834 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh:... |
| Medium | CVE-2026-46598 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypt... |
| Medium | CVE-2025-22870 | golang.org/x/net | v0.26.0 | 0.36.0 | golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: ... |
| Medium | CVE-2025-22872 | golang.org/x/net | v0.26.0 | 0.38.0 | golang.org/x/net/html: Incorrect Neutralization of Input ... |
| Medium | CVE-2025-47911 | golang.org/x/net | v0.26.0 | 0.45.0 | golang.org/x/net/html: Quadratic parsing complexity in go... |
| Medium | CVE-2025-58190 | golang.org/x/net | v0.26.0 | 0.45.0 | golang.org/x/net/html: Infinite parsing loop in golang.or... |
| Medium | CVE-2026-25680 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Denial of S... |
| Medium | CVE-2026-42502 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| Medium | CVE-2026-42506 | golang.org/x/net | v0.26.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Cross-Site ... |
| Medium | CVE-2025-32386 | helm.sh/helm/v3 | v3.16.4 | 3.17.3 | helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Ar... |
| Medium | CVE-2025-32387 | helm.sh/helm/v3 | v3.16.4 | 3.17.3 | helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Sch... |
| Medium | CVE-2025-55198 | helm.sh/helm/v3 | v3.16.4 | 3.18.5 | helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability |
| Medium | CVE-2025-55199 | helm.sh/helm/v3 | v3.16.4 | 3.18.5 | helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service |
| Medium | CVE-2026-35206 | helm.sh/helm/v3 | v3.16.4 | 3.20.2 | github.com/helm/helm: Helm: Files written to unexpected d... |
| Medium | CVE-2025-13281 | k8s.io/kubernetes | v1.34.0 | 1.32.10, 1.33.6, 1.34.2 | kube-controller-manager: Portworx Half-Blind SSRF in kube... |
| Medium | CVE-2025-47912 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Parse function permits values other than IPv6 address... |
| Medium | CVE-2025-58183 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | tar.Reader does not set a maximum size on the number of s... |
| Medium | CVE-2025-58185 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Parsing a maliciously crafted DER payload could allocate ... |
| Medium | CVE-2025-58187 | stdlib | v1.24.6 | 1.24.9, 1.25.3 | Due to the design of the name constraint checking algorit... |
| Medium | CVE-2025-58188 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Validating certificate chains which contain DSA public ke... |
| Medium | CVE-2025-58189 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | When Conn.Handshake fails during ALPN negotiation the err... |
| Medium | CVE-2025-61723 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The processing time for parsing some invalid inputs scale... |
| Medium | CVE-2025-61724 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Reader.ReadResponse function constructs a response st... |
| Medium | CVE-2025-61725 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The ParseAddress function constructs domain-literal addre... |
| Medium | CVE-2025-61727 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | An excluded subdomain constraint in a certificate chain d... |
| Medium | CVE-2025-61728 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | archive/zip uses a super-linear file name indexing algori... |
| Medium | CVE-2025-61730 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | During the TLS 1.3 handshake if multiple messages are sen... |
| Medium | CVE-2026-27142 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | Actions which insert URLs into the content attribute of H... |
| Medium | CVE-2026-32282 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | On Linux, if the target of Root.Chmod is replaced with a ... |
| Medium | CVE-2026-32288 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | tar.Reader can allocate an unbounded amount of memory whe... |
| Medium | CVE-2026-32289 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | html/template: golang: html/template: Cross-Site Scriptin... |
| Medium | CVE-2026-39823 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | html/template: golang: Go html/template: Cross-Site Scrip... |
| Medium | CVE-2026-39825 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/httputil: golang: net/http/httputil: ReverseProx... |
| Medium | CVE-2026-39826 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | If a trusted template author were to write a <script> tag... |
| Medium | CVE-2026-42505 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | Handshakes which used Encrypted Client Hello could be de-... |
| Medium | CVE-2026-42507 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | When returning errors, functions in the net/textproto pac... |
| Medium | GO-2024-3333 | golang.org/x/net | v0.26.0 | 0.33.0 | An attacker can craft an input to the Parse functions tha... |
| Medium | GO-2026-4342 | stdlib | go1.24.6 | 1.24.12 | archive/zip uses a super-linear file name indexing algori... |
| Medium | GO-2025-4012 | stdlib | go1.24.6 | 1.24.8 | Despite HTTP headers having a default limit of 1MB, the n... |
| Medium | GO-2025-3595 | golang.org/x/net | v0.26.0 | 0.38.0 | The tokenizer incorrectly interprets tags with unquoted a... |
| Medium | GHSA-j5w8-q4qc-rx2x | golang.org/x/crypto | v0.31.0 | 0.45.0 | golang.org/x/crypto/ssh allows an attacker to cause unbou... |
| Medium | GO-2025-4134 | golang.org/x/crypto | v0.31.0 | 0.45.0 | SSH servers parsing GSSAPI authentication requests do not... |
| Medium | GO-2025-4015 | stdlib | go1.24.6 | 1.24.8 | The Reader.ReadResponse function constructs a response st... |
| Medium | GO-2025-4011 | stdlib | go1.24.6 | 1.24.8 | Parsing a maliciously crafted DER payload could allocate ... |
| Medium | GO-2026-4440 | golang.org/x/net | v0.26.0 | 0.45.0 | The html.Parse function in golang.org/x/net/html has quad... |
| Medium | GHSA-5xqw-8hwv-wg92 | helm.sh/helm/v3 | v3.16.4 | 3.17.3 | Helm Allows A Specially Crafted JSON Schema To Cause A St... |
| Medium | GHSA-f6x5-jh6r-wrfv | golang.org/x/crypto | v0.31.0 | 0.45.0 | golang.org/x/crypto/ssh/agent vulnerable to panic if mess... |
| Medium | GO-2025-4135 | golang.org/x/crypto | v0.31.0 | 0.45.0 | SSH Agent servers do not validate the size of messages wh... |
| Medium | GO-2026-4441 | golang.org/x/net | v0.26.0 | 0.45.0 | The html.Parse function in golang.org/x/net/html has an i... |
| Medium | GHSA-vvgc-356p-c3xw | golang.org/x/net | v0.26.0 | 0.38.0 | golang.org/x/net vulnerable to Cross-site Scripting |
| Medium | GHSA-4hfp-h4cw-hj8p | helm.sh/helm/v3 | v3.16.4 | 3.17.3 | Helm Allows A Specially Crafted Chart Archive To Cause Ou... |
| Medium | GHSA-pxq6-2prw-chj9 | github.com/docker/docker | v25.0.6+incompatible | β | Moby has an Off-by-one error in its plugin privilege vali... |
| Medium | GO-2025-4008 | stdlib | go1.24.6 | 1.24.8 | When Conn.Handshake fails during ALPN negotiation the err... |
| Medium | GO-2025-4010 | stdlib | go1.24.6 | 1.24.8 | The Parse function permits values other than IPv6 address... |
| Medium | GO-2026-5856 | stdlib | go1.24.6 | 1.25.12 | Handshakes which used Encrypted Client Hello could be de-... |
| Medium | GO-2026-4980 | stdlib | go1.24.6 | 1.25.10 | If a trusted template author were to write a <script> tag... |
| Medium | GHSA-78mq-xcr3-xm33 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto is vulnerable to invoking server pani... |
| Medium | GO-2026-4976 | stdlib | go1.24.6 | 1.25.10 | ReverseProxy can forward queries containing parameters no... |
| Medium | GHSA-r6j8-c6r2-37rr | k8s.io/kubernetes | v1.34.0 | 1.34.2 | kube-controller-manager is vulnerable to half-blind Serve... |
| Medium | GO-2025-4014 | stdlib | go1.24.6 | 1.24.8 | tar.Reader does not set a maximum size on the number of s... |
| Medium | GHSA-9h84-qmv7-982p | helm.sh/helm/v3 | v3.16.4 | 3.18.5 | Helm Charts with Specific JSON Schema Values Can Cause Me... |
| Medium | GO-2026-5039 | stdlib | go1.24.6 | 1.25.11 | When returning errors, functions in the net/textproto pac... |
| Medium | GHSA-f9f8-9pmf-xv68 | helm.sh/helm/v3 | v3.16.4 | 3.18.5 | Helm May Panic Due To Incorrect YAML Content |
| Medium | GHSA-jpcc-p29g-p8mq | github.com/containerd/containerd | v1.7.23 | 1.7.33 | containerd image-triggered runtime DoS via unbounded grou... |
| Medium | GO-2026-4603 | stdlib | go1.24.6 | 1.25.8 | Actions which insert URLs into the content attribute of H... |
| Medium | GHSA-qxp5-gwg8-xv66 | golang.org/x/net | v0.26.0 | 0.36.0 | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net |
| Medium | GO-2025-3503 | golang.org/x/net | v0.26.0 | 0.36.0 | Matching of hosts against proxy patterns can improperly t... |
| Medium | GHSA-45gg-vh54-h5m9 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto vulnerable to invoking bypass of cert... |
| Medium | GO-2026-4982 | stdlib | go1.24.6 | 1.25.10 | CVE-2026-27142 fixed a vulnerability in which URLs were n... |
| Medium | GO-2026-4864 | stdlib | go1.24.6 | 1.25.9 | On Linux, if the target of Root.Chmod is replaced with a ... |
| Medium | CVE-2025-60876 | busybox | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | busybox-binsh | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | ssl_client | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | GHSA-9m57-25v3-79x9 | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking pathological inputs can lea... |
| Medium | GO-2026-5033 | golang.org/x/crypto | v0.31.0 | 0.52.0 | For certain crafted inputs, a 'ed25519.PrivateKey' was cr... |
| Medium | GO-2026-4865 | stdlib | go1.24.6 | 1.25.9 | Context was not properly tracked across template branches... |
| Medium | GO-2025-4175 | stdlib | go1.24.6 | 1.24.11 | An excluded subdomain constraint in a certificate chain d... |
| Medium | GO-2026-4869 | stdlib | go1.24.6 | 1.25.9 | tar.Reader can allocate an unbounded amount of memory whe... |
| Medium | GHSA-5cv4-jp36-h3mw | golang.org/x/net | v0.26.0 | 0.55.0 | Go Net HTML parser is vulnerable to denial of service |
| Medium | GO-2026-5028 | golang.org/x/net | v0.26.0 | 0.55.0 | Parsing arbitrary HTML can consume excessive CPU time, po... |
| Medium | GO-2026-4340 | stdlib | go1.24.6 | 1.24.12 | During the TLS 1.3 handshake if multiple messages are sen... |
| Medium | GHSA-265r-hfxg-fhmg | github.com/containerd/containerd | v1.7.23 | 1.7.27 | containerd has an integer overflow in User ID handling |
| Medium | GHSA-qpw4-5x99-6vjp | golang.org/x/crypto | v0.31.0 | 0.52.0 | golang.org/x/crypto: Invoking memory leak when rejecting ... |
| Medium | GO-2026-5016 | golang.org/x/crypto | v0.31.0 | 0.52.0 | An authenticated SSH client that repeatedly opened channe... |
| Medium | GO-2026-5025 | golang.org/x/net | v0.26.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5027 | golang.org/x/net | v0.26.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5029 | golang.org/x/net | v0.26.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5030 | golang.org/x/net | v0.26.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GHSA-hr2v-4r36-88hr | helm.sh/helm/v3 | v3.16.4 | 3.20.2 | Helm Chart extraction output directory collapse via `Char... |
| Medium | GHSA-m6hq-p25p-ffr2 | github.com/containerd/containerd | v1.7.23 | 1.7.29 | containerd CRI server: Host memory exhaustion through Att... |
| Medium | CVE-2026-39817 | stdlib | go1.24.6 | 1.25.10 | The "go tool pack" subcommand (usually used only by the c... |
| Medium | CVE-2026-39819 | stdlib | go1.24.6 | 1.25.10 | The "go bug" command writes to two files with predictable... |
| Medium | GHSA-vp62-88p7-qqf5 | github.com/docker/docker | v25.0.6+incompatible | β | Docker: Race condition in docker cp allows creation of ar... |
| Low | CVE-2025-54410 | github.com/docker/docker | v25.0.6+incompatible | 25.0.13, 28.0.0 | github.com/moby/moby: Moby's Firewalld reload removes bri... |
| Low | CVE-2026-48978 | oras.land/oras-go | v1.2.5 | β | oras-go: oras-go: Information disclosure and TLS downgrad... |
| Low | CVE-2025-58186 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Despite HTTP headers having a default limit of 1MB, the n... |
| Low | CVE-2026-27139 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | On Unix platforms, when listing the contents of a directo... |
| Low | GO-2026-4602 | stdlib | go1.24.6 | 1.25.8 | On Unix platforms, when listing the contents of a directo... |
| Low | GHSA-4vq8-7jfc-9cvp | github.com/docker/docker | v25.0.6+incompatible | 25.0.13 | Moby firewalld reload removes bridge network isolation |
| Low | GO-2026-5024 | golang.org/x/sys | v0.28.0 | 0.44.0 | NewNTUnicodeString does not check for string length overf... |
| Low | GHSA-xf85-363p-868w | oras.land/oras-go | v1.2.5 | β | oras-go: Malicious registry can hijack Bearer token realm... |
Full changelog
- [
2943723] best-effort HelmRelease rendering for cluster-absent runs (SoFMeRight) - [
760aaa5] refresh generated docs and badges (stagefreight) - [
af24b4a] best-effort live-cluster augmentation for blind backends (SoFMeRight) - [
9c8bcc3] refresh generated docs and badges (stagefreight) - [
c154158] never prune a port PolySieve cannot account for (SoFMeRight) - [
392598d] refresh generated docs and badges (stagefreight)