Report Summary
┌───────────────────┬───────┬─────────────────┬─────────┐
│      Target       │ Type  │ Vulnerabilities │ Secrets │
├───────────────────┼───────┼─────────────────┼─────────┤
│ go.mod            │ gomod │        5        │    -    │
├───────────────────┼───────┼─────────────────┼─────────┤
│ hack/tools/go.mod │ gomod │        0        │    -    │
└───────────────────┴───────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents
To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.
go.mod (gomod)
==============
Total: 5 (LOW: 1, MEDIUM: 1, HIGH: 2, CRITICAL: 1)
┌──────────────────────────────┬────────────────┬──────────┬────────┬──────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│           Library            │ Vulnerability  │ Severity │ Status │  Installed Version   │ Fixed Version │                            Title                             │
├──────────────────────────────┼────────────────┼──────────┼────────┼──────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/cloudflare/circl  │ CVE-2026-1229  │ LOW      │ fixed  │ v1.6.1               │ 1.6.3         │ CIRCL has an incorrect calculation in secp384r1 CombinedMult │
│                              │                │          │        │                      │               │ https://avd.aquasec.com/nvd/cve-2026-1229                    │
├──────────────────────────────┼────────────────┼──────────┤        ├──────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/docker/docker     │ CVE-2026-34040 │ HIGH     │        │ v28.3.3+incompatible │ 29.3.1        │ Moby has AuthZ plugin bypass when provided oversized request │
│                              │                │          │        │                      │               │ bodies                                                       │
│                              │                │          │        │                      │               │ https://avd.aquasec.com/nvd/cve-2026-34040                   │
│                              ├────────────────┼──────────┤        │                      │               ├──────────────────────────────────────────────────────────────┤
│                              │ CVE-2026-33997 │ MEDIUM   │        │                      │               │ Moby has an Off-by-one error in its plugin privilege         │
│                              │                │          │        │                      │               │ validation                                                   │
│                              │                │          │        │                      │               │ https://avd.aquasec.com/nvd/cve-2026-33997                   │
├──────────────────────────────┼────────────────┼──────────┤        ├──────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ go.opentelemetry.io/otel/sdk │ CVE-2026-24051 │ HIGH     │        │ v1.39.0              │ 1.40.0        │ OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution  │
│                              │                │          │        │                      │               │ via PATH Hijacking                                           │
│                              │                │          │        │                      │               │ https://avd.aquasec.com/nvd/cve-2026-24051                   │
├──────────────────────────────┼────────────────┼──────────┤        ├──────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ google.golang.org/grpc       │ CVE-2026-33186 │ CRITICAL │        │ v1.77.0              │ 1.79.3        │ golang: google.golang.org/grpc/grpc-go:                      │
│                              │                │          │        │                      │               │ google.golang.org/grpc/authz: gRPC-Go: Authorization bypass  │
│                              │                │          │        │                      │               │ due to improper HTTP/2 path validation...                    │
│                              │                │          │        │                      │               │ https://avd.aquasec.com/nvd/cve-2026-33186                   │
└──────────────────────────────┴────────────────┴──────────┴────────┴──────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
🚨 Security Alert: Vulnerabilities Detected (Trivy)
Overview
The Trivy security scanner has detected vulnerabilities on branch backplane-2.11.
Scan Results
SARIF Results: View in Security Tab
Trivy Findings
🔧 Remediation
go get -u <package>@<safe-version> && go mod tidy
make test
docker run --rm -v "$(pwd)":/scan aquasec/trivy fs /scan
🤖 This issue was automatically created by the security scan workflow