@jlsec-bot
Contributor

This action searched recent NVD/EUVD changes/publications, checking 2713 (+1) advisories from NVD and 295 (+2377) from EUVD for advisories that pertain here. It identified 80 advisories as being related to the Julia package(s): OpenSSH_jll, OpenSSL_jll, Openresty_jll, Expat_jll, Xorg_libX11_jll, nghttp2_jll, libnode_jll, Git_jll, Vim_jll, libLAS_jll, XML2_jll, CURL_jll, LibCURL_jll, GStreamer_jll, JasPer_jll, systemd_jll, FFMPEG_jll, FFplay_jll, Qt5Base_jll, Qt_jll, ruby_jll, BlueZ_jll, Poppler_jll, GnuTLS_jll, Rusticl_jll, MbedTLS_jll, TinyXML_jll, LibPQ_jll, libxls_jll, Tar_jll, LibSSH2_jll, ImageMagick_jll, Glib_jll, GlibNetworking_jll, util_linux_jll, Libuuid_jll, Libmount_jll, OpenEXR_jll, Ncurses_jll, and Graphviz_jll.

1 advisory failed to parse the source version range

These advisories seem to apply to a Julia package, but the action had trouble identifying exactly how and at which versions.

  • CVE-2023-51767 for packages: OpenSSH_jll
    • OpenSSH_jll computed ["*"]. Its latest version (10.2.1+0) has components: {openssh = "10.2p1"}
      • openbsd:openssh at `` failed to parse

31 advisories apply to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

  • CVE-2021-33621 for packages: ruby_jll
    • ruby_jll computed ["*"]. Its latest version (2.7.1+0) has components: {ruby = "2.7.1"}
      • ruby-lang:ruby at >= 2.7.0, < 2.7.7 includes all versions
  • CVE-2021-3658 for packages: BlueZ_jll
    • BlueZ_jll computed ["*"]. Its latest version (5.54.0+1) has components: {bluez-sixaxis = "5.54", bluez = "5.54"}
      • bluez:bluez at < 5.61 includes all versions
  • CVE-2021-42260 for packages: TinyXML_jll
    • TinyXML_jll computed ["*"]. Its latest version (2.6.2+0) has components: {tinyxml = "2.6.2"}
      • tinyxml_project:tinyxml at >= 2.3.2, <= 2.6.2 includes all versions
  • CVE-2022-0204 for packages: BlueZ_jll
    • BlueZ_jll computed ["*"]. Its latest version (5.54.0+1) has components: {bluez-sixaxis = "5.54", bluez = "5.54"}
      • bluez:bluez at < 5.63 includes all versions
  • CVE-2022-28739 for packages: ruby_jll
    • ruby_jll computed ["*"]. Its latest version (2.7.1+0) has components: {ruby = "2.7.1"}
      • ruby-lang:ruby at >= 2.7.0, < 2.7.6 includes all versions
  • CVE-2022-39176 for packages: BlueZ_jll
    • BlueZ_jll computed ["*"]. Its latest version (5.54.0+1) has components: {bluez-sixaxis = "5.54", bluez = "5.54"}
      • bluez:bluez at < 5.59 includes all versions
  • CVE-2022-39177 for packages: BlueZ_jll
    • BlueZ_jll computed ["*"]. Its latest version (5.54.0+1) has components: {bluez-sixaxis = "5.54", bluez = "5.54"}
      • bluez:bluez at < 5.59 includes all versions
  • CVE-2023-28756 for packages: ruby_jll
    • ruby_jll computed ["*"]. Its latest version (2.7.1+0) has components: {ruby = "2.7.1"}
      • ruby-lang:ruby at <= 2.7.7 includes all versions
  • CVE-2023-34194 for packages: TinyXML_jll
    • TinyXML_jll computed ["*"]. Its latest version (2.6.2+0) has components: {tinyxml = "2.6.2"}
      • tinyxml_project:tinyxml at <= 2.6.2 includes all versions
  • CVE-2023-37327 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.20.7 includes all versions
  • CVE-2023-37328 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.20.7 includes all versions
  • CVE-2023-37329 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.20.7 includes all versions
  • CVE-2023-40474 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.22.6 includes all versions
  • CVE-2023-40476 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.22.6 includes all versions
  • CVE-2023-44446 for packages: GStreamer_jll
    • GStreamer_jll computed ["*"]. Its latest version (1.20.3+0) has components: {gstreamer = "1.20.3"}
      • gstreamer_project:gstreamer at < 1.22.7 includes all versions
  • CVE-2023-45913 for packages: Rusticl_jll
    • Mesa_jll has no vulnerable versions; some versions contain vulnerable mesa3d:mesa. Its latest version (20.1.5+2) has components: {mesa-clc = "20.1.5", mesa = "20.1.5", mesa-zink = "20.1.5"}
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
    • Rusticl_jll computed ["*"]. Its latest version (25.2.0+2) has components: {mesa-pvr-ddk119 = "", meson = "1.7.2", mesa = "", molten-vk = "1.4.0"}
      • mesa3d:mesa at = 23.0.4 includes all versions
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
  • CVE-2023-45919 for packages: Rusticl_jll
    • Mesa_jll has no vulnerable versions; some versions contain vulnerable mesa3d:mesa. Its latest version (20.1.5+2) has components: {mesa-clc = "20.1.5", mesa = "20.1.5", mesa-zink = "20.1.5"}
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
    • Rusticl_jll computed ["*"]. Its latest version (25.2.0+2) has components: {mesa-pvr-ddk119 = "", meson = "1.7.2", mesa = "", molten-vk = "1.4.0"}
      • mesa3d:mesa at = 23.0.4 includes all versions
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
  • CVE-2023-45922 for packages: Rusticl_jll
    • Mesa_jll has no vulnerable versions; some versions contain vulnerable mesa3d:mesa. Its latest version (20.1.5+2) has components: {mesa-clc = "20.1.5", mesa = "20.1.5", mesa-zink = "20.1.5"}
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
    • Rusticl_jll computed ["*"]. Its latest version (25.2.0+2) has components: {mesa-pvr-ddk119 = "", meson = "1.7.2", mesa = "", molten-vk = "1.4.0"}
      • mesa3d:mesa at = 23.0.4 includes all versions
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
  • CVE-2023-45931 for packages: Rusticl_jll
    • Mesa_jll has no vulnerable versions; some versions contain vulnerable mesa3d:mesa. Its latest version (20.1.5+2) has components: {mesa-clc = "20.1.5", mesa = "20.1.5", mesa-zink = "20.1.5"}
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
    • Rusticl_jll computed ["*"]. Its latest version (25.2.0+2) has components: {mesa-pvr-ddk119 = "", meson = "1.7.2", mesa = "", molten-vk = "1.4.0"}
      • mesa3d:mesa at = 23.0.4 includes all versions
      • mesa3d:mesa might mean a different project; it could be one of mesa-clc or mesa
  • CVE-2023-46045 for packages: Graphviz_jll
    • Graphviz_jll computed ["*"]. Its latest version (2.50.0+1) has components: {graphviz = "2.50.0"}
      • graphviz:graphviz at >= 2.36.0, < 10.0.0 includes all versions
  • CVE-2023-51257 for packages: JasPer_jll
    • JasPer_jll computed ["*"]. Its latest version (2.0.33+0) has components: {jasper = "*"}
      • jasper_project:jasper at <= 4.1.1 includes all versions
  • CVE-2023-5868 for packages: LibPQ_jll
    • LibPQ_jll computed ["*"]. Its latest version (16.8.0+0) has components: {postgresql = "*"}
      • postgresql:postgresql at >= 11.0, < 11.22 mapped to [>= 16.0.0+0], includes the latest version
      • postgresql:postgresql at >= 12.0, < 12.17 mapped to [< 14.1.0+0, >= 16.0.0+0], includes the latest version
      • postgresql:postgresql at >= 13.0, < 13.13 mapped to [>= 16.0.0+0], includes the latest version
      • postgresql:postgresql at >= 14.0, < 14.10 mapped to [>= 14.1.0+0], includes the latest version
      • postgresql:postgresql at >= 15.0, < 15.5 mapped to [>= 16.0.0+0], includes the latest version
      • postgresql:postgresql at = 16.0 mapped to [>= 16.0.0+0], includes the latest version
  • CVE-2024-25580 for packages: Qt5Base_jll, and Qt_jll
    • Qt5Base_jll computed ["*"]. Its latest version (5.15.3+2) has components: {qt = "5.15.3", qt5base = "5.15.3", qtbase = "5.15.3"}
      • qt:qt at >= 5.12.0, < 5.15.17 includes all versions
    • Qt_jll computed ["*"]. Its latest version (5.15.2+3) has components: {qt = "5.15.2"}
      • qt:qt at >= 5.12.0, < 5.15.17 includes all versions
  • CVE-2024-27507 for packages: libLAS_jll
    • libLAS_jll computed ["*"]. Its latest version (0.1.0+0) has components: {liblas = "*"}
      • liblas:liblas at = 1.8.1 includes all versions
  • CVE-2024-34397 for packages: Glib_jll, and GlibNetworking_jll
    • Glib_jll computed ["< 2.80.2+0"]. Its latest version (2.86.0+0) has components: {mingw-w64-headers = "10.0.0", glib = "2.86.0"}
      • gnome:glib might mean a different project; it could be one of glib or glib-networking
    • GlibNetworking_jll computed ["*"]. Its latest version (2.74.0+0) has components: {glib-networking = "2.74.0"}
      • gnome:glib at < 2.78.5 includes all versions
      • gnome:glib might mean a different project; it could be one of glib or glib-networking
  • CVE-2024-36048 for packages: Qt5Base_jll, and Qt_jll
    • Qt5Base_jll computed ["*"]. Its latest version (5.15.3+2) has components: {qt = "5.15.3", qt5base = "5.15.3", qtbase = "5.15.3"}
      • qt:qt at < 5.15.17 includes all versions
    • Qt_jll computed ["*"]. Its latest version (5.15.2+3) has components: {qt = "5.15.2"}
      • qt:qt at < 5.15.17 includes all versions
  • CVE-2024-41957 for packages: Vim_jll
    • Vim_jll computed ["*"]. Its latest version (9.1.0+0) has components: {vim = "9.1.0"}
      • vim:vim at < 9.1.0647 includes all versions
  • CVE-2025-32988 for packages: GnuTLS_jll
    • GnuTLS_jll computed ["*"]. Its latest version (3.8.4+0) has components: {gnutls = "3.8.4"}
      • gnu:gnutls at < 3.8.10 includes all versions
  • CVE-2025-4598 for packages: systemd_jll
    • systemd_jll computed ["*"]. Its latest version (256.7.0+0) has components: {systemd = "256.7"}
      • systemd_project:systemd at >= 256, < 256.14 mapped to [>= 256.7.0+0], includes the latest version
  • CVE-2025-53905 for packages: Vim_jll
    • Vim_jll computed ["*"]. Its latest version (9.1.0+0) has components: {vim = "9.1.0"}
      • vim:vim at < 9.1.1552 includes all versions
  • CVE-2025-53906 for packages: Vim_jll
    • Vim_jll computed ["*"]. Its latest version (9.1.0+0) has components: {vim = "9.1.0"}
      • vim:vim at < 9.1.1551 includes all versions

7 advisories apply to the latest version of a package and do not have a patch

  • CVE-2023-30589 for packages: libnode_jll
    • libnode_jll computed [">= 16.14.0+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0.0, < 18.16.1 mapped to [>= 18.12.1+0], includes the latest version
  • CVE-2023-30590 for packages: libnode_jll
    • libnode_jll computed [">= 16.14.0+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0.0, < 18.16.1 mapped to [>= 18.12.1+0], includes the latest version
  • CVE-2023-32559 for packages: libnode_jll
    • libnode_jll computed [">= 16.14.0+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0.0, <= 18.17.0 mapped to [>= 18.12.1+0], includes the latest version
  • CVE-2023-38852 for packages: libxls_jll
    • libxls_jll computed [">= 1.6.2+0"]. Its latest version (1.6.2+0) has components: {libxls = "1.6.2"}
      • libxls_project:libxls at = 1.6.2 mapped to [>= 1.6.2+0], includes the latest version
  • CVE-2023-44487 for packages: nghttp2_jll, and libnode_jll
    • nghttp2_jll computed ["< 1.58.0+0"]. Its latest version (1.68.0+1) has components: {nghttp2 = "1.68.0", nghttp2-libs = "*"}
    • libnode_jll computed [">= 18.12.1+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0.0, < 18.18.2 mapped to [>= 18.12.1+0], includes the latest version
  • CVE-2024-22019 for packages: libnode_jll
    • libnode_jll computed [">= 18.12.1+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0.0, < 18.19.1 mapped to [>= 18.12.1+0], includes the latest version
  • CVE-2025-23084 for packages: libnode_jll
    • libnode_jll computed [">= 18.12.1+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
      • nodejs:node.js at >= 18.0, < 18.20.6 mapped to [>= 18.12.1+0], includes the latest version

41 advisories found concrete vulnerable ranges

  • CVE-2016-3709 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2019-1387 for packages: Git_jll
    • Git_jll computed ["< 2.26.1+0"]. Its latest version (2.51.3+0) has components: {git-for-windows = "2.51.2.windows.1", git = "2.51.2"}
  • CVE-2022-4304 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-4450 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed [">= 1.19.9+0, < 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-48541 for packages: ImageMagick_jll
    • ImageMagick_jll computed [">= 6.9.12+0, < 6.9.12+4"]. Its latest version (7.1.2005+0) has components: {imagemagick = "7.1.2-3"}
  • CVE-2023-0215 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0286 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-25652 for packages: Git_jll
    • Git_jll computed ["< 2.42.0+0"]. Its latest version (2.51.3+0) has components: {git-for-windows = "2.51.2.windows.1", git = "2.51.2"}
  • CVE-2023-29007 for packages: Git_jll
    • Git_jll computed ["< 2.42.0+0"]. Its latest version (2.51.3+0) has components: {git-for-windows = "2.51.2.windows.1", git = "2.51.2"}
  • CVE-2023-29491 for packages: Ncurses_jll
    • Ncurses_jll computed ["< 6.4.0+0"]. Its latest version (6.5.1+0) has components: {ncurses = "6.5"}
  • CVE-2023-34872 for packages: Poppler_jll
    • Poppler_jll computed ["< 23.12.0+0"]. Its latest version (24.6.0+0) has components: {poppler = "24.06.0", poppler-ink = "24.06.0"}
  • CVE-2023-38546 for packages: CURL_jll, and LibCURL_jll
    • CURL_jll computed ["< 8.5.0+0"]. Its latest version (8.16.0+0) has components: {curl = "8.16.0"}
    • LibCURL_jll computed ["< 8.4.0+0"]. Its latest version (8.16.0+0) has components: {curl = "8.16.0"}
  • CVE-2023-39804 for packages: Tar_jll
    • Tar_jll computed ["< 1.35.0+0"]. Its latest version (1.35.0+0) has components: {tar = "1.35"}
  • CVE-2023-43785 for packages: Xorg_libX11_jll
    • Xorg_libX11_jll computed ["< 1.8.12+0"]. Its latest version (1.8.12+0) has components: {libx11 = "1.8.12"}
  • CVE-2023-43786 for packages: Xorg_libX11_jll
    • Xorg_libX11_jll computed ["< 1.8.12+0"]. Its latest version (1.8.12+0) has components: {libx11 = "1.8.12"}
  • CVE-2023-43787 for packages: Xorg_libX11_jll
    • Xorg_libX11_jll computed ["< 1.8.12+0"]. Its latest version (1.8.12+0) has components: {libx11 = "1.8.12"}
  • CVE-2023-48795 for packages: LibSSH2_jll, and OpenSSH_jll
    • LibSSH2_jll computed ["< 1.11.3+0"]. Its latest version (1.11.3+1) has components: {libssh2 = "1.11.1"}
    • libssh_jll has no vulnerable versions; some versions contain vulnerable libssh:libssh. Its latest version (0.11.3+0) has components: {libssh = "0.11.3"}
    • OpenSSH_jll computed ["< 9.9.1+0"]. Its latest version (10.2.1+0) has components: {openssh = "10.2p1"}
  • CVE-2023-49502 for packages: FFMPEG_jll
    • FFMPEG_jll computed [">= 6.1.1+0, < 7.1.0+0"]. Its latest version (8.0.0+0) has components: {ffmpeg = "8.0"}
    • FFplay_jll has no vulnerable versions; some versions contain vulnerable ffmpeg:ffmpeg. Its latest version (7.1.1+0) has components: {ffmpeg = "7.1.1"}
  • CVE-2023-51385 for packages: OpenSSH_jll
    • OpenSSH_jll computed ["< 9.9.1+0"]. Its latest version (10.2.1+0) has components: {openssh = "10.2p1"}
  • CVE-2023-52425 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.2+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2023-52426 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.2+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2023-5841 for packages: OpenEXR_jll
    • OpenEXR_jll computed ["< 3.2.4+0"]. Its latest version (3.2.4+0) has components: {openexr = "3.2.4"}
  • CVE-2024-23170 for packages: MbedTLS_jll
    • MbedTLS_jll computed ["< 2.28.10+0"]. Its latest version (2.28.10+0) has components: {mbedtls = "2.28.10"}
  • CVE-2024-23775 for packages: MbedTLS_jll
    • MbedTLS_jll computed ["< 2.28.10+0"]. Its latest version (2.28.10+0) has components: {mbedtls = "2.28.10"}
  • CVE-2024-28085 for packages: util_linux_jll, Libuuid_jll, and Libmount_jll
    • util_linux_jll computed ["< 2.40.1+0"]. Its latest version (2.41.2+0) has components: {util-linux = "2.41.2"}
    • Libuuid_jll computed ["< 2.40.0+0"]. Its latest version (2.41.2+0) has components: {util-linux = "2.41.2"}
    • Libmount_jll computed ["< 2.40.0+0"]. Its latest version (2.41.2+0) has components: {util-linux = "2.41.2"}
  • CVE-2024-28182 for packages: nghttp2_jll
    • nghttp2_jll computed ["< 1.61.0+0"]. Its latest version (1.68.0+1) has components: {nghttp2 = "1.68.0", nghttp2-libs = "*"}
  • CVE-2024-28757 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.2+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2024-28960 for packages: MbedTLS_jll
    • MbedTLS_jll computed ["< 2.28.10+0"]. Its latest version (2.28.10+0) has components: {mbedtls = "2.28.10"}
  • CVE-2024-31578 for packages: FFMPEG_jll, and FFplay_jll
    • FFMPEG_jll computed ["< 7.1.0+0"]. Its latest version (8.0.0+0) has components: {ffmpeg = "8.0"}
    • FFplay_jll computed ["< 7.1.0+0"]. Its latest version (7.1.1+0) has components: {ffmpeg = "7.1.1"}
  • CVE-2024-31582 for packages: FFMPEG_jll
    • FFMPEG_jll computed [">= 6.1.1+0, < 7.1.0+0"]. Its latest version (8.0.0+0) has components: {ffmpeg = "8.0"}
    • FFplay_jll has no vulnerable versions; some versions contain vulnerable ffmpeg:ffmpeg. Its latest version (7.1.1+0) has components: {ffmpeg = "7.1.1"}
  • CVE-2024-32002 for packages: Git_jll
    • Git_jll computed ["< 2.46.2+0"]. Its latest version (2.51.3+0) has components: {git-for-windows = "2.51.2.windows.1", git = "2.51.2"}
  • CVE-2024-34459 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.7+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2024-45490 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.4+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2024-45491 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.4+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2024-45492 for packages: Expat_jll
    • Expat_jll computed ["< 2.6.4+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2024-4741 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 3.0.14+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed [">= 1.19.9+0, < 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2025-48384 for packages: Git_jll
    • Git_jll computed ["< 2.50.1+0"]. Its latest version (2.51.3+0) has components: {git-for-windows = "2.51.2.windows.1", git = "2.51.2"}
  • CVE-2025-59375 for packages: Expat_jll
    • Expat_jll computed ["< 2.7.3+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2025-61984 for packages: OpenSSH_jll
    • OpenSSH_jll computed ["< 10.1.1+0"]. Its latest version (10.2.1+0) has components: {openssh = "10.2p1"}
  • CVE-2025-9231 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.5.0+0, < 3.5.4+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable OpenSSL:OpenSSL. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2025-9232 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.16+0, < 3.5.4+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable OpenSSL:OpenSSL. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
