Skip to content

Container Vulnerability Scanner Failed #278

New issue
New issue
Open
Open
Container Vulnerability Scanner Failed#278
Labels
dls-work-cyclesecurity
@github-actions

Description

@github-actions
github-actions
bot
opened on Jan 29, 2026

Trivy Vulnerability Scan failed.

URL: https://github.com/pulibrary/abid/actions/runs/21573366812
Output:


ghcr.io/pulibrary/imagecat-rails:main (debian 13.3)
===================================================
Total: 6 (HIGH: 3, CRITICAL: 3)

┌─────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│         Library         │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ libssl3t64              │ CVE-2025-15467 │ CRITICAL │ fixed  │ 3.5.4-1~deb13u1   │ 3.5.4-1~deb13u2 │ openssl: OpenSSL: Remote code execution or Denial of Service │
│                         │                │          │        │                   │                 │ via oversized Initialization...                              │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-15467                   │
│                         ├────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2025-69419 │ HIGH     │        │                   │                 │ openssl: OpenSSL: Arbitrary code execution due to            │
│                         │                │          │        │                   │                 │ out-of-bounds write in PKCS#12 processing...                 │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-69419                   │
├─────────────────────────┼────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│ openssl                 │ CVE-2025-15467 │ CRITICAL │        │                   │                 │ openssl: OpenSSL: Remote code execution or Denial of Service │
│                         │                │          │        │                   │                 │ via oversized Initialization...                              │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-15467                   │
│                         ├────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2025-69419 │ HIGH     │        │                   │                 │ openssl: OpenSSL: Arbitrary code execution due to            │
│                         │                │          │        │                   │                 │ out-of-bounds write in PKCS#12 processing...                 │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-69419                   │
├─────────────────────────┼────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│ openssl-provider-legacy │ CVE-2025-15467 │ CRITICAL │        │                   │                 │ openssl: OpenSSL: Remote code execution or Denial of Service │
│                         │                │          │        │                   │                 │ via oversized Initialization...                              │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-15467                   │
│                         ├────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2025-69419 │ HIGH     │        │                   │                 │ openssl: OpenSSL: Arbitrary code execution due to            │
│                         │                │          │        │                   │                 │ out-of-bounds write in PKCS#12 processing...                 │
│                         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-69419                   │
└─────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

Metadata

Metadata

Assignees

No one assigned

    Labels

    dls-work-cyclesecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions