v2.45.2 vulnerabilities #3149
Description
Describe the bug
CVE scanner found HIGH vulnerabilities.
To Reproduce
Pull the latest image temporalio/ui:2.45.2 from Dockerhub
Scan the image with any vulnerability scanner
I've used trivy.
14:18:00 $ trivy --version
Version: 0.69.1
Vulnerability DB:
Version: 2
UpdatedAt: 2026-02-10 18:45:00.479326566 +0000 UTC
NextUpdate: 2026-02-11 18:45:00.479326385 +0000 UTC
DownloadedAt: 2026-02-10 21:53:53.003757 +0000 UTC
14:20:58 $ trivy image temporalio/ui:2.45.2
| CVE | Severity | Package | Installed Version | Fixed Version |
|---|---|---|---|---|
| CVE-2025-61726 | HIGH | stdlib (Go) | v1.24.11 | 1.24.12, 1.25.6 |
| CVE-2025-61728 | HIGH | stdlib (Go) | v1.24.11 | 1.24.12, 1.25.6 |
| CVE-2025-61730 | HIGH | stdlib (Go) | v1.24.11 | 1.24.12, 1.25.6 |
| CVE-2025-68121 | HIGH | stdlib (Go) | v1.24.11 | 1.24.13, 1.25.7 |
| CVE-2025-22869 | HIGH | golang.org/x/crypto | v0.32.0 | 0.35.0 |
Desktop (please complete the following information):*
- OS
14:24:17 $ uname -a
Darwin KHM9DWW9MT 24.6.0 Darwin Kernel Version 24.6.0: Wed Oct 15 21:12:05 PDT 2025; root:xnu-11417.140.69.703.14~1/RELEASE_ARM64_T6030 arm64
Additional context
Thank you; I've just encountered this in a CVE scanner.