Trivy Vulnerability Report for branch master

[github-actions]

🛡️ Trivy Scan Report for branch master

• File: api/v2/go.mod
  • Vulnerability ID: CVE-2026-33186
  • Pkg: google.golang.org/grpc v1.73.0
  • Severity: CRITICAL
  • Title: google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

• File: examples/go.mod
  • Vulnerability ID: CVE-2026-34986
  • Pkg: github.com/go-jose/go-jose/v4 v4.0.5
  • Severity: HIGH
  • Title: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

• File: examples/go.mod
  • Vulnerability ID: CVE-2026-33186
  • Pkg: google.golang.org/grpc v1.74.2
  • Severity: CRITICAL
  • Title: google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

• File: go.mod
  • Vulnerability ID: CVE-2026-34986
  • Pkg: github.com/go-jose/go-jose/v4 v4.1.1
  • Severity: HIGH
  • Title: github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

• File: go.mod
  • Vulnerability ID: CVE-2026-33487
  • Pkg: github.com/russellhaering/goxmldsig v1.5.0
  • Severity: HIGH
  • Title: github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue

• File: go.mod
  • Vulnerability ID: CVE-2026-33186
  • Pkg: google.golang.org/grpc v1.74.2
  • Severity: CRITICAL
  • Title: google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation