-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy path.trivyignore
More file actions
44 lines (39 loc) · 1.32 KB
/
.trivyignore
File metadata and controls
44 lines (39 loc) · 1.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
CVE-2025-22874
CVE-2025-47907
CVE-2025-58754
CVE-2025-47906
AVD-DS-0029
CVE-2025-61724
CVE-2025-58188
CVE-2025-58187
CVE-2025-58186
CVE-2025-58183
CVE-2025-47912
CVE-2025-64756
CVE-2025-61729
CVE-2025-66020
CVE-2025-68973
# Go stdlib vulnerabilities from oven/bun base image - not exploitable in Node.js/Bun app
CVE-2025-61726
CVE-2025-61728
CVE-2025-68121
CVE-2025-61730
CVE-2026-32141
CVE-2026-26996
CVE-2026-27903
CVE-2026-27904
CVE-2026-26960
CVE-2026-29786
CVE-2026-31802
# Transitive deps - not directly used, negligible risk
CVE-2026-32887 # effect: AsyncLocalStorage context issue (via sveltekit-superforms, @prisma/config)
CVE-2026-33036 # fast-xml-parser: XML entity expansion DoS (via AWS SDK)
CVE-2026-33228 # flatted: prototype pollution (via ESLint cache)
CVE-2026-32763 # kysely: SQL injection (via Inlang i18n tooling, dev only)
CVE-2026-33468 # kysely: MySQL SQL injection (via Inlang i18n tooling, dev only)
CVE-2026-33671 # picomatch: ReDoS via extglob (via build tools)
# Go stdlib in esbuild/lefthook binaries - not actionable
CVE-2026-25679 # net/url IPv6 parsing (esbuild, lefthook)
# Unreachable vulnerable code paths
CVE-2026-35209 # defu: prototype pollution (vulnerable code path unreachable in this project)
CVE-2026-4800 # lodash/lodash-es: prototype pollution (vulnerable code path unreachable in this project)