@@ -315,8 +315,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
315315Scanning local image tarball "./testdata/test-ubuntu.tar"
316316
317317Container Scanning Result (Ubuntu 22.04.5 LTS):
318- Total 19 packages affected by 37 known vulnerabilities (2 Critical, 11 High, 19 Medium, 4 Low, 1 Unknown) from 1 ecosystem.
319- 18 vulnerabilities can be fixed.
318+ Total 19 packages affected by 38 known vulnerabilities (2 Critical, 11 High, 19 Medium, 4 Low, 2 Unknown) from 1 ecosystem.
319+ 19 vulnerabilities can be fixed.
320320
321321
322322Ubuntu:22.04
@@ -337,7 +337,7 @@ Ubuntu:22.04
337337| libtasn1-6 | 4.18.0-4build1 | Partial fixes Available | 2 | libtasn1-6 | # 4 Layer | ubuntu |
338338| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu |
339339| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu |
340- | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 3 | libssl3 | # 4 Layer | ubuntu |
340+ | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 4 | libssl3 | # 4 Layer | ubuntu |
341341| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu |
342342| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu |
343343| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu |
@@ -360,8 +360,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
360360Scanning local image tarball "./testdata/test-ubuntu.tar"
361361
362362Container Scanning Result (Ubuntu 22.04.5 LTS):
363- Total 19 packages affected by 37 known vulnerabilities (2 Critical, 11 High, 19 Medium, 4 Low, 1 Unknown) from 1 ecosystem.
364- 18 vulnerabilities can be fixed.
363+ Total 19 packages affected by 38 known vulnerabilities (2 Critical, 11 High, 19 Medium, 4 Low, 2 Unknown) from 1 ecosystem.
364+ 19 vulnerabilities can be fixed.
365365
366366
367367Ubuntu:22.04
@@ -382,7 +382,7 @@ Ubuntu:22.04
382382| libtasn1-6 | 4.18.0-4build1 | Partial fixes Available | 2 | libtasn1-6 | # 4 Layer | ubuntu |
383383| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu |
384384| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu |
385- | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 3 | libssl3 | # 4 Layer | ubuntu |
385+ | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 4 | libssl3 | # 4 Layer | ubuntu |
386386| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu |
387387| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu |
388388| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu |
@@ -424,8 +424,8 @@ failed to load image from tarball with path "../../testdata/locks-manyoci-image/
424424Scanning local image tarball "./testdata/test-java-full.tar"
425425
426426Container Scanning Result (Alpine Linux v3.21):
427- Total 20 packages affected by 32 known vulnerabilities (3 Critical, 9 High, 12 Medium, 0 Low, 8 Unknown) from 2 ecosystems.
428- 32 vulnerabilities can be fixed.
427+ Total 20 packages affected by 35 known vulnerabilities (3 Critical, 9 High, 13 Medium, 0 Low, 10 Unknown) from 2 ecosystems.
428+ 35 vulnerabilities can be fixed.
429429
430430
431431Maven
@@ -459,7 +459,7 @@ Alpine:v3.21
459459| expat | 2.6.4-r0 | Fix Available | 2 | libexpat | # 5 Layer | eclipse-temurin |
460460| libtasn1 | 4.19.0-r2 | Fix Available | 1 | libtasn1 | # 5 Layer | eclipse-temurin |
461461| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine |
462- | openssl | 3.3.2-r4 | Fix Available | 2 | libcrypto3, libssl3... (3) | # 0 Layer | alpine |
462+ | openssl | 3.3.2-r4 | Fix Available | 5 | libcrypto3, libssl3... (3) | # 0 Layer | alpine |
463463| sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin |
464464+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+
465465
@@ -639,8 +639,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
639639Scanning local image tarball "./testdata/test-package-tracing.tar"
640640
641641Container Scanning Result (Alpine Linux v3.20):
642- Total 8 packages affected by 78 known vulnerabilities (0 Critical, 1 High, 0 Medium, 0 Low, 77 Unknown) from 2 ecosystems.
643- 78 vulnerabilities can be fixed.
642+ Total 8 packages affected by 81 known vulnerabilities (0 Critical, 1 High, 0 Medium, 0 Low, 80 Unknown) from 2 ecosystems.
643+ 81 vulnerabilities can be fixed.
644644
645645
646646Go
@@ -693,7 +693,7 @@ Alpine:v3.20
693693| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
694694+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
695695| musl | 1.2.5-r0 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine |
696- | openssl | 3.3.1-r0 | Fix Available | 5 | libcrypto3, libssl3 | # 0 Layer | alpine |
696+ | openssl | 3.3.1-r0 | Fix Available | 8 | libcrypto3, libssl3 | # 0 Layer | alpine |
697697+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
698698
699699For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -813,8 +813,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
813813Scanning local image tarball "./testdata/test-node_modules-npm-empty.tar"
814814
815815Container Scanning Result (Alpine Linux v3.19):
816- Total 2 packages affected by 11 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 6 Unknown) from 1 ecosystem.
817- 11 vulnerabilities can be fixed.
816+ Total 2 packages affected by 13 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 8 Unknown) from 1 ecosystem.
817+ 13 vulnerabilities can be fixed.
818818
819819
820820Alpine:v3.19
@@ -824,7 +824,7 @@ Alpine:v3.19
824824| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
825825+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
826826| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
827- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
827+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
828828+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
829829
830830For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -840,8 +840,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
840840Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
841841
842842Container Scanning Result (Alpine Linux v3.19):
843- Total 4 packages affected by 14 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 6 Unknown) from 2 ecosystems.
844- 13 vulnerabilities can be fixed.
843+ Total 4 packages affected by 16 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 8 Unknown) from 2 ecosystems.
844+ 15 vulnerabilities can be fixed.
845845
846846
847847npm
@@ -860,7 +860,7 @@ Alpine:v3.19
860860| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
861861+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
862862| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
863- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
863+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
864864+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
865865
866866For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -876,8 +876,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
876876Scanning local image tarball "./testdata/test-node_modules-pnpm-empty.tar"
877877
878878Container Scanning Result (Alpine Linux v3.19):
879- Total 2 packages affected by 11 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 6 Unknown) from 1 ecosystem.
880- 11 vulnerabilities can be fixed.
879+ Total 2 packages affected by 13 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 8 Unknown) from 1 ecosystem.
880+ 13 vulnerabilities can be fixed.
881881
882882
883883Alpine:v3.19
@@ -887,7 +887,7 @@ Alpine:v3.19
887887| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
888888+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
889889| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
890- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
890+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
891891+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
892892
893893For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -903,8 +903,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
903903Scanning local image tarball "./testdata/test-node_modules-pnpm-full.tar"
904904
905905Container Scanning Result (Alpine Linux v3.19):
906- Total 2 packages affected by 11 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 6 Unknown) from 1 ecosystem.
907- 11 vulnerabilities can be fixed.
906+ Total 2 packages affected by 13 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 8 Unknown) from 1 ecosystem.
907+ 13 vulnerabilities can be fixed.
908908
909909
910910Alpine:v3.19
@@ -914,7 +914,7 @@ Alpine:v3.19
914914| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
915915+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
916916| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
917- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
917+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
918918+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
919919
920920For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -930,8 +930,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
930930Scanning local image tarball "./testdata/test-node_modules-yarn-empty.tar"
931931
932932Container Scanning Result (Alpine Linux v3.19):
933- Total 2 packages affected by 11 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 6 Unknown) from 1 ecosystem.
934- 11 vulnerabilities can be fixed.
933+ Total 2 packages affected by 13 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 8 Unknown) from 1 ecosystem.
934+ 13 vulnerabilities can be fixed.
935935
936936
937937Alpine:v3.19
@@ -941,7 +941,7 @@ Alpine:v3.19
941941| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
942942+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
943943| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
944- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
944+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
945945+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
946946
947947For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -957,8 +957,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
957957Scanning local image tarball "./testdata/test-node_modules-yarn-full.tar"
958958
959959Container Scanning Result (Alpine Linux v3.19):
960- Total 2 packages affected by 11 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 6 Unknown) from 1 ecosystem.
961- 11 vulnerabilities can be fixed.
960+ Total 2 packages affected by 13 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 8 Unknown) from 1 ecosystem.
961+ 13 vulnerabilities can be fixed.
962962
963963
964964Alpine:v3.19
@@ -968,7 +968,7 @@ Alpine:v3.19
968968| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
969969+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
970970| busybox | 1.36.1-r15 | Fix Available | 4 | busybox... (3) | # 0 Layer | alpine |
971- | openssl | 3.1.4-r5 | Fix Available | 7 | libcrypto3, libssl3 | # 0 Layer | alpine |
971+ | openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine |
972972+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+
973973
974974For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name >`.
@@ -1904,9 +1904,12 @@ Scanning local image tarball "./testdata/test-python-full.tar"
19041904 " ALPINE-CVE-2024-13176"
19051905 " ALPINE-CVE-2024-5535"
19061906 " ALPINE-CVE-2024-6119"
1907- " ALPINE-CVE-2024-9143"
1907+ " ALPINE-CVE-2024-9143"
1908+ " ALPINE-CVE-2025-9230"
1909+ " ALPINE-CVE-2025-9231"
1910+ " ALPINE-CVE-2025-9232"
19081911 ],
1909- " groups" 5
1912+ " groups" 8
19101913 },
19111914 {
19121915 " package"
@@ -1924,9 +1927,12 @@ Scanning local image tarball "./testdata/test-python-full.tar"
19241927 " ALPINE-CVE-2024-13176"
19251928 " ALPINE-CVE-2024-5535"
19261929 " ALPINE-CVE-2024-6119"
1927- " ALPINE-CVE-2024-9143"
1930+ " ALPINE-CVE-2024-9143"
1931+ " ALPINE-CVE-2025-9230"
1932+ " ALPINE-CVE-2025-9231"
1933+ " ALPINE-CVE-2025-9232"
19281934 ],
1929- " groups" 5
1935+ " groups" 8
19301936 },
19311937 {
19321938 " package"
@@ -2319,9 +2325,11 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
23192325 " ALPINE-CVE-2024-4741"
23202326 " ALPINE-CVE-2024-5535"
23212327 " ALPINE-CVE-2024-6119"
2322- " ALPINE-CVE-2024-9143"
2328+ " ALPINE-CVE-2024-9143"
2329+ " ALPINE-CVE-2025-9230"
2330+ " ALPINE-CVE-2025-9232"
23232331 ],
2324- " groups" 7
2332+ " groups" 9
23252333 },
23262334 {
23272335 " package"
@@ -2341,9 +2349,11 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar"
23412349 " ALPINE-CVE-2024-4741"
23422350 " ALPINE-CVE-2024-5535"
23432351 " ALPINE-CVE-2024-6119"
2344- " ALPINE-CVE-2024-9143"
2352+ " ALPINE-CVE-2024-9143"
2353+ " ALPINE-CVE-2025-9230"
2354+ " ALPINE-CVE-2025-9232"
23452355 ],
2346- " groups" 7
2356+ " groups" 9
23472357 },
23482358 {
23492359 " package"
@@ -2963,13 +2973,15 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
29632973 }
29642974 },
29652975 " vulnerabilities"
2976+ " USN-7786-1"
29662977 " USN-7278-1"
29672978 " UBUNTU-CVE-2024-13176"
29682979 " UBUNTU-CVE-2024-41996"
29692980 " UBUNTU-CVE-2024-9143"
2970- " UBUNTU-CVE-2025-27587"
2981+ " UBUNTU-CVE-2025-27587"
2982+ " UBUNTU-CVE-2025-9230"
29712983 ],
2972- " groups" 3
2984+ " groups" 4
29732985 },
29742986 {
29752987 " package"
0 commit comments