Multiple CVEs are reported by Trivy scan tool. Looks like this is because of the go version.

[KisanK79]

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
github.com/golang-jwt/jwt/v4	CVE-2024-51744	LOW	fixed	v4.4.2	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially... Details
golang.org/x/crypto	CVE-2024-45337	CRITICAL		v0.27.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto. Details
golang.org/x/net	CVE-2024-45338	HIGH		v0.29.0	0.33.0	golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html. Details

[nablaux]

I am having the same golang.org/x/crypto related CVE issue reported by Aikido.
It would be great if this can be addressed.

It seems there is already a PR for that but it is failing: #1210

[joschi]

Resolved by bc06922 in https://github.com/golang-migrate/migrate/releases/tag/v4.18.2.