chartMuseum binary contains High Vulnerable github.com/dgrijalva/jwt-go v3.2.0+incompatible library #567

@shubham-in10se

Hi,
The chartMuseum binary contains the github.com/dgrijalva/jwt-go v3.2.0+incompatible library, which is flagged as a high security risk as it has an Access Restriction Bypass vulnerability.
Ref: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515

The mentioned library is coming as a derived dependency, as is verified by searching for it in the go.mod file. It is because of this vulnerable library that all the images having even the latest chartMuseum binary baked into them are failing the security scans.
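
Added example (not part of the issue and not ChartMuseum project code): a Go binary embeds the list of modules it was built from, which scanners can read, so the report can be confirmed on the binary itself with the standard `debug/buildinfo` package. The function names are hypothetical and `sampleDeps` is constructed data.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"runtime/debug"
)

const flaggedPath, flaggedVersion = "github.com/dgrijalva/jwt-go", "v3.2.0+incompatible" // from the issue

// findFlagged returns one line per embedded dependency whose path is flaggedPath.
// A replace directive is shown, since the replacement is what was compiled in.
func findFlagged(deps []*debug.Module) []string {
	var hits []string
	for _, m := range deps {
		if m.Path != flaggedPath {
			continue
		}
		line := m.Path + "@" + m.Version
		if m.Replace != nil {
			line += " => " + m.Replace.Path + "@" + m.Replace.Version
		} else if m.Version == flaggedVersion {
			line += " (version named in the issue)"
		}
		hits = append(hits, line)
	}
	return hits
}

// scanBinary reads the module list the Go toolchain embeds in a binary.
func scanBinary(path string) ([]string, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return findFlagged(info.Deps), nil
}

// sampleDeps is constructed data, not taken from a real chartmuseum build.
func sampleDeps() []*debug.Module {
	return []*debug.Module{{Path: "example.com/constructed/dep", Version: "v1.0.0"}, {Path: flaggedPath, Version: flaggedVersion}}
}

func main() {
	fmt.Println(findFlagged(sampleDeps())) // constructed sample
	for _, p := range os.Args[1:] {        // any Go binaries given as arguments
		fmt.Println(scanBinary(p))
	}
}
```

An empty result for a real binary means the module path is not in the embedded dependency list, even if it still appears in `go.sum`.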
