Skip to content

v1.0.3 security vulnerabilities #151

New issue
New issue
Open
Open
v1.0.3 security vulnerabilities#151
@marcnorthover

Description

@marcnorthover
marcnorthover
opened on Jan 16, 2026

I ran a grype scan and it found these issues:

NAME                               INSTALLED            FIXED IN         TYPE       VULNERABILITY        SEVERITY  EPSS           RISK
golang.org/x/crypto                v0.42.0              0.45.0           go-module  GHSA-j5w8-q4qc-rx2x  Medium    < 0.1% (27th)  < 0.1
github.com/opencontainers/selinux  v1.11.1              1.13.0           go-module  GHSA-cgrx-mc8f-2prm  High      < 0.1% (9th)   < 0.1
github.com/containerd/containerd   v1.7.28              1.7.29           go-module  GHSA-m6hq-p25p-ffr2  Medium    < 0.1% (4th)   < 0.1
golang.org/x/crypto                v0.42.0              0.45.0           go-module  GHSA-f6x5-jh6r-wrfv  Medium    < 0.1% (3rd)   < 0.1
github.com/nwaples/rardecode/v2    v2.1.0               2.2.0            go-module  GHSA-rwvp-r38j-9rgg  Medium    < 0.1% (2nd)   < 0.1
github.com/containerd/containerd   v1.7.28              1.7.29           go-module  GHSA-pwhc-rpq9-4c8w  High      < 0.1% (0th)   < 0.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    CBOMkit Development

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions