eps-devcontainers/src/common/.trivyignore.yaml at eb0a822c5269953b70e9c4f983bf3c94399a0f61 · NHSDigital/eps-devcontainers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
vulnerabilities:
  - id: CVE-2024-35870
    statement: "kernel: smb: client: fix UAF in smb2_reconnect_server()"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2024-53179
    statement: "kernel: smb: client: fix use-after-free of signing key"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-37849
    statement: "kernel: KVM: arm64: Tear down vGIC on failed vCPU creation"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-37899
    statement: "kernel: ksmbd: fix use-after-free in session logoff"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-38118
    statement: "kernel: Linux kernel: Bluetooth MGMT use-after-free vulnerability allows privilege escalation"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2026-23111
    statement: "kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=amd64&distro=ubuntu-22.04"
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-171.181?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-26
  - id: CVE-2025-61594
    statement: "uri: URI module: Credential exposure via URI + operator"
    purls:
      - "pkg:gem/uri@0.13.0"
    expired_at: 2026-08-26
  - id: CVE-2026-26007
    statement: "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    purls:
      - "pkg:pypi/cryptography@46.0.3"
    expired_at: 2026-08-12
  - id: CVE-2024-49761
    statement: "rexml: REXML ReDoS vulnerability"
    purls:
      - "pkg:gem/rexml@3.2.6"
    expired_at: 2026-08-12
  - id: CVE-2025-68121
    statement: "During session resumption in crypto/tls, if the underlying Config has  ..."
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
      - "pkg:golang/stdlib@v1.24.9"
      - "pkg:golang/stdlib@v1.25.5"
    expired_at: 2026-08-12
  - id: CVE-2025-61726
    statement: "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
      - "pkg:golang/stdlib@v1.24.9"
      - "pkg:golang/stdlib@v1.25.5"
    expired_at: 2026-08-12
  - id: CVE-2025-61728
    statement: "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
      - "pkg:golang/stdlib@v1.24.9"
      - "pkg:golang/stdlib@v1.25.5"
    expired_at: 2026-08-12
  - id: CVE-2025-61730
    statement: "During the TLS 1.3 handshake if multiple messages are sent in records  ..."
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
      - "pkg:golang/stdlib@v1.24.9"
      - "pkg:golang/stdlib@v1.25.5"
    expired_at: 2026-08-12
  - id: CVE-2025-47907
    statement: "database/sql: Postgres Scan Race Condition"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
    expired_at: 2026-08-12
  - id: CVE-2025-58183
    statement: "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
    expired_at: 2026-08-12
  - id: CVE-2025-61729
    statement: "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
      - "pkg:golang/stdlib@v1.23.4"
      - "pkg:golang/stdlib@v1.24.4"
      - "pkg:golang/stdlib@v1.24.9"
    expired_at: 2026-08-12
  - id: CVE-2023-24538
    statement: "golang: html/template: backticks not treated as string delimiters"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-24540
    statement: "golang: html/template: improper handling of JavaScript whitespace"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2024-24790
    statement: "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-24675
    statement: "golang: encoding/pem: fix stack overflow in Decode"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-27664
    statement: "golang: net/http: handle server errors after sending GOAWAY"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-28131
    statement: "golang: encoding/xml: stack exhaustion in Decoder.Skip"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-28327
    statement: "golang: crypto/elliptic: panic caused by oversized scalar"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-2879
    statement: "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-2880
    statement: "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-29804
    statement: "ELSA-2022-17957: ol8addon security update (IMPORTANT)"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30580
    statement: "golang: os/exec: Code injection in Cmd.Start"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30630
    statement: "golang: io/fs: stack exhaustion in Glob"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30631
    statement: "golang: compress/gzip: stack exhaustion in Reader.Read"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30632
    statement: "golang: path/filepath: stack exhaustion in Glob"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30633
    statement: "golang: encoding/xml: stack exhaustion in Unmarshal"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30634
    statement: "ELSA-2022-17957: ol8addon security update (IMPORTANT)"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-30635
    statement: "golang: encoding/gob: stack exhaustion in Decoder.Decode"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-32189
    statement: "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41715
    statement: "golang: regexp/syntax: limit memory used by parsing regexps"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41716
    statement: "Due to unsanitized NUL values, attackers may be able to maliciously se ..."
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41720
    statement: "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41722
    statement: "golang: path/filepath: path-filepath filepath.Clean path traversal"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41723
    statement: "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41724
    statement: "golang: crypto/tls: large handshake records may cause panics"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2022-41725
    statement: "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-24534
    statement: "golang: net/http, net/textproto: denial of service from excessive memory allocation"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-24536
    statement: "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-24537
    statement: "golang: go/parser: Infinite loop in parsing"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-24539
    statement: "golang: html/template: improper sanitization of CSS values"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-29400
    statement: "golang: html/template: improper handling of empty HTML attributes"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-29403
    statement: "golang: runtime: unexpected behavior of setuid/setgid binaries"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-39325
    statement: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-45283
    statement: "The filepath package does not recognize paths with a \\??\\ prefix as sp ..."
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-45287
    statement: "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges."
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2023-45288
    statement: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2024-34156
    statement: "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    purls:
      - "pkg:golang/stdlib@v1.16.15"
    expired_at: 2026-08-12
  - id: CVE-2024-25621
    statement: "github.com/containerd/containerd: containerd local privilege escalation"
    purls:
      - "pkg:golang/github.com/containerd/containerd/v2@v2.1.4"
    expired_at: 2026-08-12
  - id: CVE-2024-35870
    statement: "kernel: smb: client: fix UAF in smb2_reconnect_server()"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2024-53179
    statement: "kernel: smb: client: fix use-after-free of signing key"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-37849
    statement: "kernel: KVM: arm64: Tear down vGIC on failed vCPU creation"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-37899
    statement: "kernel: ksmbd: fix use-after-free in session logoff"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-38118
    statement: "kernel: Linux kernel: Bluetooth MGMT use-after-free vulnerability allows privilege escalation"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=arm64&distro=ubuntu-22.04"
    expired_at: 2026-08-12
  - id: CVE-2025-68121
    statement: "crypto/tls: Unexpected session resumption in crypto/tls"
    purls:
      - "pkg:golang/stdlib@v1.25.6"
    expired_at: 2026-08-13
  - id: CVE-2025-15558
    statement: "docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries"
    purls:
      - "pkg:golang/github.com/docker/cli@v28.5.1%2Bincompatible"
      - "pkg:golang/github.com/docker/cli@v29.0.3%2Bincompatible"
      - "pkg:golang/github.com/docker/cli@v29.1.1%2Bincompatible"
    expired_at: 2026-09-09
  - id: CVE-2026-24051
    statement: "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking"
    purls:
      - "pkg:golang/go.opentelemetry.io/otel/sdk@v1.36.0"
    expired_at: 2026-09-09
  - id: CVE-2024-35870
    statement: "kernel: smb: client: fix UAF in smb2_reconnect_server()"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=amd64&distro=ubuntu-22.04"
    expired_at: 2026-09-09
  - id: CVE-2024-53179
    statement: "kernel: smb: client: fix use-after-free of signing key"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=amd64&distro=ubuntu-22.04"
    expired_at: 2026-09-09
  - id: CVE-2025-21780
    statement: "kernel: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=amd64&distro=ubuntu-22.04"
    expired_at: 2026-09-09
  - id: CVE-2025-37899
    statement: "kernel: ksmbd: fix use-after-free in session logoff"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=amd64&distro=ubuntu-22.04"
    expired_at: 2026-09-09
  - id: CVE-2025-38118
    statement: "kernel: Linux kernel: Bluetooth MGMT use-after-free vulnerability allows privilege escalation"
    purls:
      - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-170.180?arch=amd64&distro=ubuntu-22.04"
    expired_at: 2026-09-09