Skip to content

Weekly audit refresh: 29236242866#63

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
chore/weekly-audit-refresh
Open

Weekly audit refresh: 29236242866#63
github-actions[bot] wants to merge 1 commit into
mainfrom
chore/weekly-audit-refresh

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

CVE delta

Net change

Severity Added Removed Net
Critical 0 1 -1
High 79 1 +78
Medium 85 13 +72
Low 7 6 +1

Changed images: 28 of 44

Per-image detail

adguard-adguardhome-v0.107.76

  • Added: C:0 H:1 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

baserow-baserow-2.2.2

  • Added: C:0 H:6 M:5 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-53615 (HIGH) — bsdutils
      • CVE-2026-56131 (HIGH) — libexpat1
      • CVE-2026-56407 (HIGH) — libexpat1
      • CVE-2026-56408 (HIGH) — libexpat1
      • CVE-2026-8932 (HIGH) — curl
      • CVE-2026-42505 (MEDIUM) — stdlib
      • CVE-2026-4360 (MEDIUM) — libpython3.13-minimal
      • ...and 4 more

deluan-navidrome-0.61.2

  • Added: C:0 H:1 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

docker.io-caddy-2.11.3

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

docker.io-library-postgres-18.4-alpine3.23

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

docker.io-louislam-uptime-kuma-2.3.2

  • Added: C:0 H:7 M:6 L:1
  • Removed: C:1 H:0 M:1 L:1
    • [NEW]:
      • CVE-2026-14739 (HIGH) — libdbi-perl
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-53615 (HIGH) — bsdutils
      • CVE-2026-56131 (HIGH) — libexpat1
      • CVE-2026-56407 (HIGH) — libexpat1
      • CVE-2026-56408 (HIGH) — libexpat1
      • CVE-2026-8932 (HIGH) — curl
      • CVE-2026-14740 (MEDIUM) — libdbi-perl
      • ...and 6 more
    • [FIXED]:
      • CVE-2026-56123 (CRITICAL) — socat
      • CVE-2026-48523 (MEDIUM) — python3-jwt
      • CVE-2026-9547 (LOW) — curl

docker.io-mariadb-12.2.2

  • Added: C:0 H:1 M:4 L:1
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-41991 (MEDIUM) — gzip
      • CVE-2026-41992 (MEDIUM) — gzip
      • CVE-2026-42505 (MEDIUM) — stdlib
      • CVE-2026-56123 (MEDIUM) — socat
      • CVE-2024-54661 (LOW) — socat

docker.io-mongo-8.3.2

  • Added: C:0 H:1 M:3 L:0
  • Removed: C:0 H:0 M:1 L:1
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-41991 (MEDIUM) — gzip
      • CVE-2026-41992 (MEDIUM) — gzip
      • CVE-2026-42505 (MEDIUM) — stdlib
    • [FIXED]:
      • CVE-2026-11856 (MEDIUM) — libcurl4t64
      • CVE-2026-12064 (LOW) — libcurl4t64

docuseal-docuseal-3.0.0

  • Added: C:0 H:4 M:2 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-56131 (HIGH) — libexpat
      • CVE-2026-56407 (HIGH) — libexpat
      • CVE-2026-56408 (HIGH) — libexpat
      • CVE-2026-50142 (MEDIUM) — libheif
      • CVE-2026-56409 (MEDIUM) — libexpat

fnsys-dockhand-v1.0.29

  • Added: C:0 H:4 M:2 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — docker-cli-buildx
      • CVE-2026-56131 (HIGH) — libexpat1
      • CVE-2026-56407 (HIGH) — libexpat1
      • CVE-2026-56408 (HIGH) — libexpat1
      • CVE-2026-42505 (MEDIUM) — docker-cli-buildx
      • CVE-2026-56409 (MEDIUM) — libexpat1

freshrss-freshrss-1.29.1-alpine

  • Added: C:0 H:9 M:8 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-34355 (HIGH) — apache2
      • CVE-2026-42536 (HIGH) — apache2
      • CVE-2026-44185 (HIGH) — apache2
      • CVE-2026-44186 (HIGH) — apache2
      • CVE-2026-49975 (HIGH) — apache2
      • CVE-2026-56131 (HIGH) — libexpat
      • CVE-2026-56407 (HIGH) — libexpat
      • ...and 9 more

ghcr.io-goauthentik-server-2026.2.3

  • Added: C:0 H:6 M:3 L:0
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-53359 (HIGH) — linux-libc-dev
      • CVE-2026-53360 (HIGH) — linux-libc-dev
      • CVE-2026-53362 (HIGH) — linux-libc-dev
      • CVE-2026-53615 (HIGH) — bsdutils
      • CVE-2026-8932 (HIGH) — curl
      • CVE-2026-42505 (MEDIUM) — stdlib
      • CVE-2026-53361 (MEDIUM) — linux-libc-dev
      • ...and 1 more
    • [FIXED]:
      • CVE-2026-53166 (MEDIUM) — linux-libc-dev

ghcr.io-open-webui-open-webui-0.9.5

  • Added: C:0 H:9 M:8 L:2
  • Removed: C:0 H:0 M:5 L:1
    • [NEW]:
      • CVE-2026-49476 (HIGH) — soupsieve
      • CVE-2026-49477 (HIGH) — soupsieve
      • CVE-2026-53359 (HIGH) — linux-libc-dev
      • CVE-2026-53362 (HIGH) — linux-libc-dev
      • CVE-2026-53615 (HIGH) — bsdutils
      • CVE-2026-56131 (HIGH) — libexpat1
      • CVE-2026-56407 (HIGH) — libexpat1
      • CVE-2026-56408 (HIGH) — libexpat1
      • ...and 11 more
    • [FIXED]:
      • CVE-2025-27809 (MEDIUM) — libmbedcrypto7
      • CVE-2025-54764 (MEDIUM) — libmbedcrypto7
      • CVE-2025-59438 (MEDIUM) — libmbedcrypto7
      • CVE-2026-53166 (MEDIUM) — linux-libc-dev
      • GHSA-gr75-jv2w-4656 (MEDIUM) — langchain
      • CVE-2026-9547 (LOW) — curl

ghcr.io-stoatchat-livekit-server-v1.9.13

  • Added: C:0 H:1 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

ghcr.io-wg-easy-wg-easy-15.3.0

  • Added: C:0 H:1 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

ghcr.io-ylianst-meshcentral-1.1.59-mongodb

  • Added: C:0 H:1 M:0 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares

ghcr.io-zulip-zulip-server-12.0-0

  • Added: C:0 H:4 M:22 L:1
  • Removed: C:0 H:0 M:2 L:1
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-49476 (HIGH) — soupsieve
      • CVE-2026-49477 (HIGH) — soupsieve
      • CVE-2026-53359 (HIGH) — linux-libc-dev
      • CVE-2025-69534 (MEDIUM) — libpython3.12-dev
      • CVE-2026-1299 (MEDIUM) — libpython3.12-dev
      • CVE-2026-1502 (MEDIUM) — libpython3.12-dev
      • CVE-2026-3276 (MEDIUM) — libpython3.12-dev
      • ...and 19 more
    • [FIXED]:
      • CVE-2026-11856 (MEDIUM) — curl
      • CVE-2026-53166 (MEDIUM) — linux-libc-dev
      • CVE-2026-12064 (LOW) — curl

lscr.io-linuxserver-jellyfin-10.11.9

  • Added: C:0 H:0 M:2 L:0
  • Removed: C:0 H:0 M:1 L:1
    • [NEW]:
      • CVE-2026-41991 (MEDIUM) — gzip
      • CVE-2026-41992 (MEDIUM) — gzip
    • [FIXED]:
      • CVE-2026-11856 (MEDIUM) — curl
      • CVE-2026-12064 (LOW) — curl

mongo-8.3.2

  • Added: C:0 H:1 M:3 L:0
  • Removed: C:0 H:0 M:1 L:1
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-41991 (MEDIUM) — gzip
      • CVE-2026-41992 (MEDIUM) — gzip
      • CVE-2026-42505 (MEDIUM) — stdlib
    • [FIXED]:
      • CVE-2026-11856 (MEDIUM) — libcurl4t64
      • CVE-2026-12064 (LOW) — libcurl4t64

n8nio-runners-2.22.1

  • Added: C:0 H:1 M:2 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib
      • CVE-2026-8643 (MEDIUM) — pip

nextcloud-33.0.3-fpm-alpine

  • Added: C:0 H:4 M:3 L:1
  • Removed: C:0 H:0 M:1 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-56131 (HIGH) — libexpat
      • CVE-2026-56407 (HIGH) — libexpat
      • CVE-2026-56408 (HIGH) — libexpat
      • CVE-2026-50142 (MEDIUM) — libheif
      • CVE-2026-55599 (MEDIUM) — phpseclib/phpseclib
      • CVE-2026-56409 (MEDIUM) — libexpat
      • GHSA-gq4g-fpc9-vjfq (LOW) — web-auth/webauthn-lib
    • [FIXED]:
      • GHSA-m557-wrgg-6rp4 (MEDIUM) — phpseclib/phpseclib

nginx-1.31.0-alpine3.23

  • Added: C:0 H:4 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-56131 (HIGH) — libexpat
      • CVE-2026-56407 (HIGH) — libexpat
      • CVE-2026-56408 (HIGH) — libexpat
      • CVE-2026-56409 (MEDIUM) — libexpat

postgres-18.4

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-53615 (HIGH) — bsdutils
      • CVE-2026-42505 (MEDIUM) — stdlib

qbittorrentofficial-qbittorrent-nox-5.2.0-1

  • Added: C:0 H:4 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-56131 (HIGH) — libexpat
      • CVE-2026-56407 (HIGH) — libexpat
      • CVE-2026-56408 (HIGH) — libexpat
      • CVE-2026-56409 (MEDIUM) — libexpat

rabbitmq-4.3.0

  • Added: C:0 H:0 M:2 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-41991 (MEDIUM) — gzip
      • CVE-2026-41992 (MEDIUM) — gzip

syncthing-syncthing-2.1.0

  • Added: C:0 H:2 M:1 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares
      • CVE-2026-39822 (HIGH) — stdlib
      • CVE-2026-42505 (MEDIUM) — stdlib

towfiqi-serpbear-3.1.0

  • Added: C:0 H:0 M:0 L:0
  • Removed: C:0 H:1 M:0 L:0
    • [FIXED]:
      • CVE-2026-44492 (HIGH) — axios

vaultwarden-server-1.36.0-alpine

  • Added: C:0 H:1 M:0 L:0
  • Removed: C:0 H:0 M:0 L:0
    • [NEW]:
      • CVE-2026-33630 (HIGH) — c-ares

@github-actions
github-actions Bot enabled auto-merge (squash) June 15, 2026 07:46
@github-actions github-actions Bot changed the title Weekly audit refresh: 27531642510 Weekly audit refresh: 27937554468 Jun 22, 2026
@github-actions
github-actions Bot force-pushed the chore/weekly-audit-refresh branch 2 times, most recently from b731738 to ee0b4cb Compare June 29, 2026 07:31
@github-actions github-actions Bot changed the title Weekly audit refresh: 27937554468 Weekly audit refresh: 28355862242 Jun 29, 2026
@github-actions
github-actions Bot force-pushed the chore/weekly-audit-refresh branch from ee0b4cb to f74a280 Compare July 6, 2026 07:24
@github-actions github-actions Bot changed the title Weekly audit refresh: 28355862242 Weekly audit refresh: 28774870590 Jul 6, 2026
@github-actions
github-actions Bot force-pushed the chore/weekly-audit-refresh branch from f74a280 to dd640f5 Compare July 13, 2026 08:41
@github-actions github-actions Bot changed the title Weekly audit refresh: 28774870590 Weekly audit refresh: 29236242866 Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant