| CAST service | CVE | Severity | Description/Package | Affected CAST release |
|---|---|---|---|---|
| | | | urllib3: Unbounded decompression chain leads to resource exhaustion | 3.5.0-funcrel |
| ai-service | CVE-2025-66471 | HIGH | urllib3 is a user-friendly HTTP client library for Python. Starting in … | 3.5.0-funcrel |
| analysis-node | CVE-2025-66418 | HIGH | urllib3: Unbounded decompression chain leads to resource exhaustion | 3.5.0_core8.4.7 |
| analysis-node | CVE-2025-66471 | HIGH | urllib3 is a user-friendly HTTP client library for Python. Starting in … | 3.5.0_core8.4.7 |
| etl-service | CVE-2025-61729 | HIGH | crypto/x509: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 | 3.5.0-funcrel |
| sso-service | CVE-2025-6965 | HIGH | sqlite: Integer Truncation in SQLite | 3.5.0-funcrel |
| viewer | CVE-2025-61729 | HIGH | crypto/x509: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 | 3.5.0-funcrel |
| viewer | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | 3.5.0-funcrel |
Known security issues (not yet fixed)

| CAST service | CVE | Severity | Description/Package | Justification | Affected CAST release |
|---|---|---|---|---|---|
| admin-center | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| admin-center | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| admin-center | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| ai-service | CVE-2025-65106 | HIGH | langchain-core: LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | | 3.5.3-funcrel |
| auth-service | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| auth-service | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| auth-service | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| console | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| console | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| console | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| gateway | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| gateway | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| gateway | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| neo4j | CVE-2025-12183 | HIGH | lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure | | 3.5.3-funcrel |
| neo4j | CVE-2025-6176 | HIGH | python-scrapy: brotli: Python brotli decompression bomb DoS | | 3.5.3-funcrel |
| neo4j | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| neo4j | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| neo4j | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| neo4j | CVE-2025-66566 | HIGH | lz4-java: Information Disclosure via Insufficient Output Buffer Clearing | | 3.5.3-funcrel |
| sso-service | CVE-2025-59250 | HIGH | JDBC Driver for SQL Server has an improper input validation issue. | This CVE was present in 3.5.0-funcrel. The library containing the CVE, mssql-jdbc, has been updated in 3.5.3-funcrel. The new version (mssql-jdbc:13.2.1) contains the fix for the CVE; however, Trivy still considers this version vulnerable (see discussion here). | 3.5.3-funcrel |
| sso-service | CVE-2025-64720 | HIGH | libpng: LIBPNG buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| sso-service | CVE-2025-65018 | HIGH | libpng: LIBPNG heap buffer overflow | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
| sso-service | CVE-2025-66021 | HIGH | com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer: OWASP Java HTML Sanitizer vulnerable to XSS. | This OWASP sanitizer library is a dependency of Keycloak and should be updated by the vendor. | 3.5.3-funcrel |
| sso-service | CVE-2025-66293 | HIGH | libpng: LIBPNG out-of-bounds read in png_image_read_composite | This CVE requires a fix on the base image, eclipse-temurin:21-jre-alpine. The impact should be limited as there is no PNG file manipulation within the project. | 3.5.3-funcrel |
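The justification column above is only as trustworthy as the evidence behind it: a "fix needed in the base image" waiver should only apply to a package that really comes from the OS layer, and a "vendor already fixed it, the scanner is wrong" waiver should only hold while the installed version is at or above the documented fix. The following is an added example, not CAST's or Trivy's own code, that checks those two conditions against a Trivy JSON report before a finding is allowed to drop out of the blocking list. It relies on the documented shape of Trivy's JSON output (Results[].Class and Results[].Vulnerabilities[] with VulnerabilityID, PkgName, InstalledVersion, Severity); the waiver list, the report contents and the installed versions are constructed for illustration.

```python
"""Triage a Trivy JSON report against documented waivers.

Added example, not CAST's or Trivy's own code. The report, the waiver list
and the installed versions below are constructed for illustration.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Waiver:
    cve: str
    pkg: str                        # substring of Trivy's PkgName
    reason: str                     # "base-image", "vendor-fixed" or "upstream-dep"
    note: str
    fixed_in: Optional[str] = None  # required when reason == "vendor-fixed"


# Hypothetical waiver list mirroring the justification column of the table.
WAIVERS = [
    Waiver("CVE-2025-64720", "libpng", "base-image",
           "fix needed in eclipse-temurin:21-jre-alpine; no PNG handling in the service"),
    Waiver("CVE-2025-65018", "libpng", "base-image",
           "fix needed in eclipse-temurin:21-jre-alpine; no PNG handling in the service"),
    Waiver("CVE-2025-59250", "mssql-jdbc", "vendor-fixed",
           "13.2.1 contains the fix; the scanner still flags it", fixed_in="13.2.1"),
    Waiver("CVE-2025-66021", "owasp-java-html-sanitizer", "upstream-dep",
           "pulled in by Keycloak; the update comes from the vendor"),
]

# Constructed, cut-down Trivy report for one image (versions are illustrative).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "sso-service:3.5.3-funcrel",
    "Results": [
        {"Target": "sso-service:3.5.3-funcrel (alpine)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2025-64720", "PkgName": "libpng",
              "InstalledVersion": "1.6.47-r0", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2025-66293", "PkgName": "libpng",
              "InstalledVersion": "1.6.47-r0", "Severity": "HIGH"},
         ]},
        {"Target": "Java", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2025-59250",
              "PkgName": "com.microsoft.sqlserver:mssql-jdbc",
              "InstalledVersion": "13.2.1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-2025-66021",
              "PkgName": "com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer",
              "InstalledVersion": "20240325.1", "Severity": "HIGH"},
         ]},
    ],
})


def version_key(version: str) -> tuple:
    """Numeric tuple for versions such as '13.2.1' or '1.6.47-r0'.
    Adequate for the formats in this report; not a full semver comparator."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def triage(report_json: str, waivers=WAIVERS) -> list:
    """Return one record per finding with status 'waived', 'rejected' or 'open'.

    A waiver is honoured only when its stated reason matches the evidence in
    the report: a base-image waiver needs an OS-layer package, a vendor-fixed
    waiver needs an installed version at or above the documented fix."""
    records = []
    for result in json.loads(report_json).get("Results", []):
        layer = result.get("Class", "")
        for finding in result.get("Vulnerabilities", []):
            cve, pkg = finding["VulnerabilityID"], finding["PkgName"]
            installed = finding.get("InstalledVersion", "")
            waiver = next((w for w in waivers if w.cve == cve and w.pkg in pkg), None)
            if waiver is None:
                status, note = "open", "no documented justification"
            elif waiver.reason == "base-image" and layer != "os-pkgs":
                status, note = "rejected", "base-image waiver, but the package is not an OS package"
            elif waiver.reason == "vendor-fixed" and (
                    waiver.fixed_in is None
                    or version_key(installed) < version_key(waiver.fixed_in)):
                status, note = "rejected", f"installed {installed} is below the documented fix {waiver.fixed_in}"
            else:
                status, note = "waived", waiver.note
            records.append({"cve": cve, "pkg": pkg, "installed": installed,
                            "status": status, "note": note})
    return records


def still_blocking(records: list) -> list:
    """CVEs that are not waived and therefore still block the release."""
    return sorted({r["cve"] for r in records if r["status"] != "waived"})


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT):
        print(f"{r['status']:8} {r['cve']} {r['pkg']} {r['installed']}: {r['note']}")
```

Run against the constructed report, the two libpng waivers and the mssql-jdbc waiver are honoured, CVE-2025-66293 stays open because the sample waiver list has no entry for it, and lowering the installed mssql-jdbc version below 13.2.1 turns that waiver into a rejection instead of silently hiding the finding. The same check is what you want in CI so that a "Trivy is wrong" justification cannot outlive the version it was written for.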
3.5.2-funcrel
Fixes provided
None.
3.5.0-funcrel
Fixes provided
| CAST service | CVE | Severity | Description/Package | Affected CAST release |
|---|---|---|---|---|
| ai-service | CVE-2025-65106 | HIGH | langchain-core: LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | 3.4.5-funcrel |
| analysis-node | CVE-2025-59375 | HIGH | expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing | 3.4.5_core8.4.7 |
| analysis-node | CVE-2025-8176 | HIGH | libtiff: LibTIFF Use-After-Free Vulnerability | 3.4.5_core8.4.7 |
| neo4j | CVE-2023-43000 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to memory corruption | 3.4.5-funcrel |
| neo4j | CVE-2025-11021 | HIGH | libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library | 3.4.5-funcrel |
| neo4j | CVE-2025-13502 | HIGH | webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS | 3.4.5-funcrel |
| neo4j | CVE-2025-43272 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43342 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43343 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43368 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43419 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to memory corruption | 3.4.5-funcrel |
| neo4j | CVE-2025-43421 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43425 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43427 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43429 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43430 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43431 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to memory corruption | 3.4.5-funcrel |
| neo4j | CVE-2025-43432 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43434 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43440 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-43443 | HIGH | webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash | 3.4.5-funcrel |
| neo4j | CVE-2025-59375 | HIGH | expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing | |