juzhiyuan commented on issue #12461:
URL: https://github.com/apache/apisix/issues/12461#issuecomment-3113357001

   And @githubcdr, I just performed a security scan: No critical CVEs
   
   ```
   grype apache/apisix:3.13.0-ubuntu
    ✔ Parsed image                sha256:422e111797f3fc7c6f822afb1aeced281813ad1306b081ebe0caf97d062a9022
    ✔ Cataloged contents          a16d2b7e28c43b7f4fca787a5eb5ac941d3bff818ba9d5b4d459a5394c5c15a4
      ├── ✔ Packages                        [170 packages]
      ├── ✔ Executables                     [798 executables]
      ├── ✔ File metadata                   [6,735 locations]
      └── ✔ File digests                    [6,735 files]
    ✔ Scanned for vulnerabilities     [29 vulnerability matches]
      ├── by severity: 0 critical, 0 high, 10 medium, 16 low, 3 negligible
      └── by status:   0 fixed, 29 not-fixed, 0 ignored
   NAME                INSTALLED                TYPE  VULNERABILITY   SEVERITY    EPSS           RISK
   login               1:4.13+dfsg1-4ubuntu3.2  deb   CVE-2024-56433  Low         2.8% (85th)    0.8
   passwd              1:4.13+dfsg1-4ubuntu3.2  deb   CVE-2024-56433  Low         2.8% (85th)    0.8
   libpam-modules      1.5.3-5ubuntu5.4         deb   CVE-2024-10963  Medium      0.2% (40th)    < 0.1
   libpam-modules-bin  1.5.3-5ubuntu5.4         deb   CVE-2024-10963  Medium      0.2% (40th)    < 0.1
   libpam-runtime      1.5.3-5ubuntu5.4         deb   CVE-2024-10963  Medium      0.2% (40th)    < 0.1
   libpam0g            1.5.3-5ubuntu5.4         deb   CVE-2024-10963  Medium      0.2% (40th)    < 0.1
   libpcre3            2:8.39-15build1          deb   CVE-2019-20838  Low         0.2% (40th)    < 0.1
   libssl3t64          3.0.13-0ubuntu3.5        deb   CVE-2024-41996  Low         0.2% (38th)    < 0.1
   openssl             3.0.13-0ubuntu3.5        deb   CVE-2024-41996  Low         0.2% (38th)    < 0.1
   libgcrypt20         1.10.3-2build1           deb   CVE-2024-2236   Low         0.1% (34th)    < 0.1
   dpkg                1.22.6ubuntu6.1          deb   CVE-2025-6297   Low         < 0.1% (23rd)  < 0.1
   coreutils           9.4-3ubuntu6             deb   CVE-2016-2781   Low         < 0.1% (20th)  < 0.1
   libpcre3            2:8.39-15build1          deb   CVE-2017-11164  Negligible  0.4% (57th)    < 0.1
   libpam-modules      1.5.3-5ubuntu5.4         deb   CVE-2024-10041  Medium      < 0.1% (7th)   < 0.1
   libpam-modules-bin  1.5.3-5ubuntu5.4         deb   CVE-2024-10041  Medium      < 0.1% (7th)   < 0.1
   libpam-runtime      1.5.3-5ubuntu5.4         deb   CVE-2024-10041  Medium      < 0.1% (7th)   < 0.1
   libpam0g            1.5.3-5ubuntu5.4         deb   CVE-2024-10041  Medium      < 0.1% (7th)   < 0.1
   libssl3t64          3.0.13-0ubuntu3.5        deb   CVE-2025-27587  Low         < 0.1% (15th)  < 0.1
   openssl             3.0.13-0ubuntu3.5        deb   CVE-2025-27587  Low         < 0.1% (15th)  < 0.1
   tar                 1.35+dfsg-3build1        deb   CVE-2025-45582  Medium      < 0.1% (4th)   < 0.1
   libc-bin            2.39-0ubuntu8.5          deb   CVE-2016-20013  Negligible  0.2% (41st)    < 0.1
   libc6               2.39-0ubuntu8.5          deb   CVE-2016-20013  Negligible  0.2% (41st)    < 0.1
   libncursesw6        6.4+20240113-1ubuntu2    deb   CVE-2025-6141   Low         < 0.1% (2nd)   < 0.1
   libtinfo6           6.4+20240113-1ubuntu2    deb   CVE-2025-6141   Low         < 0.1% (2nd)   < 0.1
   ncurses-base        6.4+20240113-1ubuntu2    deb   CVE-2025-6141   Low         < 0.1% (2nd)   < 0.1
   ncurses-bin         6.4+20240113-1ubuntu2    deb   CVE-2025-6141   Low         < 0.1% (2nd)   < 0.1
   coreutils           9.4-3ubuntu6             deb   CVE-2025-5278   Low         < 0.1% (1st)   < 0.1
   gpgv                2.4.4-2ubuntu17.3        deb   CVE-2022-3219   Low         < 0.1% (1st)   < 0.1
   perl-base           5.38.2-3.2ubuntu0.1      deb   CVE-2025-40909  Medium      < 0.1% (0th)   < 0.1
   ```

