Skip to content

Security Scan Report for version 0.1.0 (2025-07-20) #8

New issue
New issue
Open
Open
Security Scan Report for version 0.1.0 (2025-07-20)#8
Labels
automatedAutomatically generated contentsecuritySecurity-related issuesseverity:highHigh severity vulnerabilitiesversion:0.1.0Issues related to version 0.1.0
@github-actions

Description

@github-actions
github-actions
bot
opened on Apr 28, 2025

Security Scan Report

Project: .
Version: 0.1.0
Scan Date: 2025-07-20
Image: ghcr.io/raw-labs/das-excel/das-excel-server:0.1.0

Summary

🔍 Vulnerability Summary

Generated on: Sun Jul 20 00:16:29 UTC 2025

Found 5 vulnerabilities

System Dependencies

⚠️ libfreetype6 (HIGH) → Fixed in: 2.12.1+dfsg-5+deb12u4
⚠️ liblzma5 (HIGH) → Fixed in: 5.4.1-1
⚠️ perl-base (HIGH) → Fixed in: 5.36.0-7+deb12u2

Library Dependencies

From Raw Labs

In subproject: das-excel_2.13

⚠️ com.google.protobuf:protobuf-java (HIGH) → Fixed in: 3.25.5, 4.27.5, 4.28.2
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> com.google.protobuf:protobuf-java:3.25.4 (evicted by 3.25.5)
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> com.google.protobuf:protobuf-java:3.25.5
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> io.grpc:grpc-protobuf:1.69.1 -> com.google.api.grpc:proto-google-common-protos:2.48.0 -> com.google.protobuf:protobuf-java:3.25.5
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> io.grpc:grpc-protobuf:1.69.1 -> com.google.protobuf:protobuf-java:3.25.5

⚠️ io.netty:netty-handler (HIGH) → Fixed in: 4.1.118.Final
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> io.grpc:grpc-netty:1.69.1 -> io.netty:netty-codec-http2:4.1.110.Final -> io.netty:netty-codec-http:4.1.110.Final -> io.netty:netty-handler:4.1.118.Final
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> io.grpc:grpc-netty:1.69.1 -> io.netty:netty-codec-http2:4.1.110.Final -> io.netty:netty-handler:4.1.118.Final
• com.raw-labs:das-excel_2.13:0.1.0-main-SNAPSHOT -> com.raw-labs:das-server-scala_2.13:0.6.0 -> com.raw-labs:protocol-das_2.13:1.0.2 -> io.grpc:grpc-netty:1.69.1 -> io.netty:netty-handler-proxy:4.1.110.Final

From Third-party

Action Required

  • Review all vulnerabilities
  • Prioritize fixes based on severity
  • Plan updates for packages with available fixes
  • Document any accepted risks

This report was automatically generated by the security scan workflow.

Metadata

Metadata

Assignees

No one assigned

    Labels

    automatedAutomatically generated contentsecuritySecurity-related issuesseverity:highHigh severity vulnerabilitiesversion:0.1.0Issues related to version 0.1.0

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions