High and Critical Vulnerability Report

My internal tool scan of the latest image identified several high and critical vulnerabilities, mostly in the OS and runtime layers. I understand the project may have varying update cycles and im not sure how often this project is maintained, but it would be great if these could be addressed in a future release. 

Image: quay.io/clustersecret/clustersecret@sha256:a9f835d1b2416cba00d8efe05523d8c0792ebf5d49d9fb98d02c089f8259c287

Vulnerabilities Summary

CVE-2025-6965 – High (Critical)
Package: libsqlite3-0
Current Version: 3.40.1-2+deb12u1 → Fixed Version: 3.40.1-2+deb12u2
Remediation: apt upgrade libsqlite3-0
Reference: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2025-6965)

CVE-2025-6020 – High
Packages: libpam-runtime, libpam-modules, libpam0g, libpam-modules-bin
Current Version: 1.5.2-6+deb12u1
Remediation: Update affected PAM packages
Reference: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2025-6020)

CVE-2025-9230 – High
Packages: openssl, libssl3
Current Version: 3.0.15-1~deb12u1 → Fixed Version: 3.0.17-1~deb12u3
Remediation: apt upgrade openssl libssl3
Reference: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2025-9230)

CVE-2025-0395 – High
Packages: libc6, libc-bin
Current Version: 2.36-9+deb12u9 → Fixed Version: 2.36-9+deb12u10
Remediation: apt upgrade libc6 libc-bin
Reference: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2025-0395)

CVE-2025-4802 – High
Packages: libc6, libc-bin
Current Version: 2.36-9+deb12u9 → Fixed Version: 2.36-9+deb12u11
Remediation: apt upgrade libc6 libc-bin
Reference: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2025-4802)

CVE-2025-32990 / CVE-2025-32988 – High
Package: libgnutls30
Current Version: 3.7.9-2+deb12u3 → Fixed Version: 3.7.9-2+deb12u5
Remediation: apt upgrade libgnutls30
Reference: [Debian Security Tracker (32990)](https://security-tracker.debian.org/tracker/CVE-2025-32990)
, [Debian Security Tracker (32988)](https://security-tracker.debian.org/tracker/CVE-2025-32988)

CVE-2025-47273 – High
Library: setuptools
Current Version: 75.8.0 → Fixed Version: 78.1.1
Remediation: pip install --upgrade setuptools
Reference: [GitHub Advisory](https://github.com/advisories/GHSA-5rjg-fvgr-3xxf)

CVE-2023-36632 – High (Exploit exists)
Component: Python Interpreter
Current Version: 3.9.21 → Fixed Version: 3.11.5
Remediation: Update Python interpreter
Reference: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-36632)

CVE-2025-4435 / CVE-2025-4330 / CVE-2025-4138 / CVE-2025-8194 / CVE-2025-4517 – High / Critical
Component: Python Interpreter
Versions: Varies per CVE → Update to latest recommended version (3.9.23 / 3.9.24)
Remediation: Update Python interpreter
Reference: [VulnCheck](https://vulncheck.com/)

CVE-2023-31484 / CVE-2024-56406 – High
Package: perl-base
Current Version: 5.36.0-7+deb12u1 → Fixed Version: 5.36.0-7+deb12u2 / u3
Remediation: apt upgrade perl-base
Reference: [Debian Security Tracker (31484)](https://security-tracker.debian.org/tracker/CVE-2023-31484)
, [Debian Security Tracker (56406)](https://security-tracker.debian.org/tracker/CVE-2024-56406)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

High and Critical Vulnerability Report #171

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

High and Critical Vulnerability Report #171

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions