
[Low][Security] Security Scan: Detected in Keep Backend API Image v0.46.0

Open RGadi9360 opened this issue 4 months ago • 2 comments

Describe the bug

Security scan of the keep-backend-api:v0.46.0 image flagged multiple vulnerabilities, including critical and high severity CVEs. These vulnerabilities are present in the image layers, even if some modules are not actively used at runtime.

To Reproduce

Steps to reproduce the behavior:

1. Pull the keep-backend-api:v0.46.0 image
2. Run a vulnerability scan using tools like Trivy, Snyk, or Clair
3. Review the scan results
4. See flagged CVEs

Expected behavior

The image should be free of known critical and high vulnerabilities, or unused vulnerable modules should be excluded from the final build to avoid compliance issues.

Screenshots

If applicable, add screenshots to help explain your problem.

Flagged vulnerabilities include:

Critical:
- CVE-2025-6965 (SQLite memory corruption)

High:
- CVE-2023-37920 (Certifi trusted root issue)

Medium:
- CVE-2025-54121
- CVE-2025-4575 (multiple instances)
- CVE-2024-27306
- CVE-2023-32681
- CVE-2022-23491
- CVE-2024-9143
- CVE-2024-13176

Low:
- CVE-2025-53643
- CVE-2024-40647
- CVE-2024-12797

These were flagged during internal compliance scans. Please advise if a newer image version addresses these, or if a patch is planned.

RGadi9360 avatar Aug 28 '25 13:08 RGadi9360
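The triage the report above asks for (group findings by severity, separate what a rebuild can fix from what needs an upstream patch, and fail a compliance gate on critical/high) can be scripted over a scanner's JSON output. The following is an added example, not code from the Keep project or the issue author; it assumes the field names of Trivy's `--format json` report, and the package names and versions in the constructed sample are illustrative only (the CVE ids are the ones listed in the issue).

```python
import json
from collections import defaultdict

# Constructed sample in the layout of `trivy image --format json` (assumption: Trivy's
# JSON field names). Package names/versions are placeholders; CVE ids are from the issue.
SAMPLE_TRIVY_JSON = """{"Results": [
  {"Target": "keep-backend-api:v0.46.0 (os-packages)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2025-6965", "PkgName": "libsqlite3-0",
     "InstalledVersion": "3.40.1-2", "FixedVersion": "", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-2025-4575", "PkgName": "libfoo1",
     "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "MEDIUM"}]},
  {"Target": "Python", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2023-37920", "PkgName": "certifi",
     "InstalledVersion": "2022.12.7", "FixedVersion": "2023.7.22", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-2025-4575", "PkgName": "foo",
     "InstalledVersion": "2.0.0", "FixedVersion": "2.0.3", "Severity": "MEDIUM"}]},
  {"Target": "usr/bin/helper", "Class": "config"}
]}"""
SAMPLE_REPORT = json.loads(SAMPLE_TRIVY_JSON)
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

def summarize(report):
    """Group findings by severity. A CVE present in several packages (the issue's
    'multiple instances') is kept once per package so every fix target is visible."""
    by_sev = defaultdict(list)
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key is absent for clean targets
            by_sev[v.get("Severity", "UNKNOWN")].append({
                "id": v["VulnerabilityID"], "pkg": v["PkgName"],
                "installed": v["InstalledVersion"],
                "fixed": v.get("FixedVersion") or None,  # None: no fixed version yet
            })
    return dict(by_sev)

def gate(report, fail_on=("CRITICAL", "HIGH")):
    """Compliance gate: fail while any finding at a blocking severity remains.
    Returns (passed, fixable, unfixable): fixable ones go away with a rebuild on
    updated packages, unfixable ones need an upstream patch or an exclusion."""
    summary = summarize(report)
    blocking = [f for sev in fail_on for f in summary.get(sev, [])]
    fixable = [f for f in blocking if f["fixed"]]
    unfixable = [f for f in blocking if not f["fixed"]]
    return (not blocking, fixable, unfixable)

if __name__ == "__main__":
    for sev in SEVERITY_ORDER:
        for f in summarize(SAMPLE_REPORT).get(sev, []):
            print(f"{sev:8} {f['id']:15} {f['pkg']} {f['installed']} -> {f['fixed'] or 'no fix'}")
    passed, fixable, unfixable = gate(SAMPLE_REPORT)
    print("gate:", "PASS" if passed else f"FAIL ({len(fixable)} fixable, {len(unfixable)} need upstream)")
```

Pointing `SAMPLE_REPORT` at a real report file (`trivy image --format json -o report.json <image>`) turns this into the check a CI pipeline can run before an image is promoted.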

@RGadi9360 please attach the scan output

shahargl avatar Aug 28 '25 13:08 shahargl

here are the reports. @shahargl keep_keep-api_0_46_0.xlsx keephq_keep_keep-ui_0_46_0.xlsx

RGadi9360 avatar Sep 03 '25 14:09 RGadi9360