hundreds of vulnerabilities reported in images

Open mcandre opened this issue 11 months ago • 2 comments

Docker Scout identifies hundreds of CVEs in the xgo images, including critical severity vulnerabilities.

docker-scout-vulnerability-report.txt

What if we published xgo atop Fedora (41), which often acts as a more secure base image than the Debian/Ubuntu family?

mcandre, Feb 14 '25 05:02

The reported CVEs from your report are all Go CVEs, not ones based on the OS. It seems like the Go version it reported (1.17) is either wrongly detected or the Docker image is out of date.

kolaente, Feb 14 '25 07:02

Updated to the go-1.24.x tag. Still hundreds of CVEs.

docker-scout.txt

mcandre, Feb 16 '25 19:02