Current behavior
Trivy and Docker Scout report the vulnerability CVE-2025-68121 in cypress/included:15.13.1 (current latest) as a critical vulnerability. The GitHub Advisory Database (GHSA-h355-32pf-p2xm), however, lists it as moderate severity.
Desired behavior
There should be no critical severity vulnerabilities reported in cypress/included:latest
Test code to reproduce
trivy image --ignore-unfixed --pkg-types library --scanners vuln --severity CRITICAL cypress/included:15.13.1
Cypress Version
First reported on version: 15.13.1
Reproducible also on: 15.14.1
Debug Logs
root/.cache/Cypress/15.13.1/Cypress/resources/app/node_modules/@esbuild/linux-x64/bin/esbuild (gobinary)
Total: 1 (CRITICAL: 1)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼──────────────────────────────────────────────────────────┤
│ stdlib │ CVE-2025-68121 │ CRITICAL │ fixed │ v1.23.12 │ 1.24.13, 1.25.7, 1.26.0-rc.3 │ crypto/tls: crypto/tls: Incorrect certificate validation │
│ │ │ │ │ │ │ during TLS session resumption │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-68121 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴──────────────────────────────────────────────────────────┘
Other
Cypress is currently configured with esbuild@^0.25.2, installed as esbuild@0.25.9
esbuild@0.28.0 (current latest) has updated Go to v1.26.1, which is above the version listed as fixed.
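
The version comparison behind that last point, written out as an added example (it is not part of the original report and is not Trivy's own matching logic). It assumes Trivy-style version strings and treats a release line older than every listed fix as unfixed; the function names are hypothetical.

```python
import re

# Fixed versions copied from the "Fixed Version" column of the Trivy output above.
FIXED_VERSIONS = ["1.24.13", "1.25.7", "1.26.0-rc.3"]

# Accepts "v1.23.12", "1.26.1" and "1.26.0-rc.3" (the forms that appear in the report).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc\.(\d+))?$")


def parse_go_version(text):
    """Return a sortable tuple (major, minor, patch, is_release, rc)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Go version: {text!r}")
    major, minor, patch, rc = match.groups()
    # A release candidate sorts below the final release of the same patch level.
    is_release = 0 if rc is not None else 1
    return (int(major), int(minor), int(patch or 0), is_release, int(rc or 0))


def is_fixed(installed, fixed_versions=FIXED_VERSIONS):
    """True if `installed` is at or above the fix for its own release line."""
    version = parse_go_version(installed)
    fixes = sorted(parse_go_version(f) for f in fixed_versions)
    for fix in fixes:
        if fix[:2] == version[:2]:
            # Same major.minor line: compare patch level and rc status.
            return version >= fix
    # Assumption: with no fix listed for this line, only lines newer than
    # every patched line count as fixed; older lines stay flagged.
    return version[:2] > fixes[-1][:2]


if __name__ == "__main__":
    # Go stdlib versions named in the report: the flagged esbuild binary
    # and the toolchain used by esbuild@0.28.0.
    for candidate in ("v1.23.12", "v1.26.1"):
        state = "fixed" if is_fixed(candidate) else "still flagged"
        print(f"{candidate}: {state}")
```
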