Update ATC-pie to Version 1.9.2

[JLP04]

This updates ATC-pie to version 1.9.2

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:82f4790532062e430f8be5e85869bd777a71907dcf926818efa447352b76d94a
vulnerabilities
platform	linux/386
size	9.4 GB
packages	956

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/386) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf
Vulnerabilities
Pushed	2 weeks ago
Size	51 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	7479b380dc7e	82f479053206
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/386	linux/386
- size	9.4 GB	9.4 GB (+48 kB)
- packages	956	956
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 601 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:6d931efd12071a02d20b5655613724d3c5f0ce4c055504d2904e2b8ccf8e6514
vulnerabilities
platform	linux/amd64
size	9.4 GB
packages	960

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/amd64) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43
Vulnerabilities
Pushed	2 weeks ago
Size	49 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	d33c4cc2471a	6d931efd1207
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	9.4 GB	9.4 GB (+42 kB)
- packages	960	960
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 605 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:07cc152261571d0bd568792e46a459a34b431f21c77242253b9ac9ebb1d2c9e9
vulnerabilities
platform	linux/arm/v5
size	9.4 GB
packages	944

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/arm/v5) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f
Vulnerabilities
Pushed	2 weeks ago
Size	47 MB
Packages	112
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	147e88004dee	07cc15226157
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm	linux/arm
- size	9.4 GB	9.4 GB (+36 kB)
- packages	944	944
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:fe35696769f49fffbe7fbd1754014b98664f195cff28dd825abbc8e66b32d366
vulnerabilities
platform	linux/arm/v7
size	9.4 GB
packages	943

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/arm/v7) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1
Vulnerabilities
Pushed	2 weeks ago
Size	46 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	f94afd9ec494	fe35696769f4
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm	linux/arm
- size	9.4 GB	9.4 GB (+54 kB)
- packages	943	943
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:f04dbd183349d76fcab4728a7f5633aeb96f567dbbbb5fc9c4da000d4fc1d381
vulnerabilities
platform	linux/arm64
size	9.4 GB
packages	957

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/arm64) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2
Vulnerabilities
Pushed	2 weeks ago
Size	50 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	89ad41fc192f	f04dbd183349
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm64	linux/arm64
- size	9.4 GB	9.4 GB (+57 kB)
- packages	957	957
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 603 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:a8226a760f7afb6c2a3b4abb101d9f51fa72313f7480fc4cb94bf425528be126
vulnerabilities
platform	linux/ppc64le
size	9.4 GB
packages	953

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586
vulnerabilities

stdlib 1.24.4 (golang) pkg:golang/stdlib@1.24.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.026% EPSS Percentile 6th percentile Description The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.026% EPSS Percentile 6th percentile Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.014% EPSS Percentile 2nd percentile Description Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Affected range <1.24.9 Fixed version 1.24.9 EPSS Score 0.014% EPSS Percentile 2nd percentile Description Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com. Affected range >=1.24.0 <1.24.6 Fixed version 1.24.6 EPSS Score 0.020% EPSS Percentile 4th percentile Description If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.025% EPSS Percentile 6th percentile Description The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.019% EPSS Percentile 4th percentile Description When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.025% EPSS Percentile 6th percentile Description Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.033% EPSS Percentile 9th percentile Description Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.025% EPSS Percentile 6th percentile Description The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.014% EPSS Percentile 2nd percentile Description tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/ppc64le) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586
Vulnerabilities
Pushed	2 weeks ago
Size	53 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	fad1c7294bdd	a8226a760f7a
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/ppc64le	linux/ppc64le
- size	9.4 GB	9.4 GB (+61 kB)
- packages	953	953
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 600 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	sha256:b12091a813bb04b0f54a1be035d8e33643744d8b47dd3d0126ec27e5beeb7376
vulnerabilities
platform	linux/riscv64
size	9.4 GB
packages	948

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6
vulnerabilities

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.012% EPSS Percentile 1st percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.016% EPSS Percentile 3rd percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.087% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.867% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 19.260% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 15.257% EPSS Percentile 94th percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.383% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

[github-actions]

Recommended fixes for image (linux/riscv64) ghcr.io/jlp04/elevation-generator:test

Base image is debian:latest

Name	13.2
Digest	sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6
Vulnerabilities
Pushed	2 weeks ago
Size	48 MB
Packages	109
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jlp04/elevation-generator:latest	ghcr.io/jlp04/elevation-generator:test
- digest	c43ef6ce3de4	b12091a813bb
- tag	latest	test
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/riscv64	linux/riscv64
- size	9.4 GB	9.4 GB (+58 kB)
- packages	948	948
Base Image	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117	debian:latest also known as: • 13 • 13.2 • trixie • trixie-20251117
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version jlp04/elevation-generator:latest	Version ghcr.io/jlp04/elevation-generator:test
♾️	libunbound8	1.22.0-2	1.22.0-2+deb13u1

[github-actions]

Your image	ghcr.io/jlp04/elevation-generator:test
Current base image	debian:latest

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:82f4790532062e430f8be5e85869bd777a71907dcf926818efa447352b76d94a
vulnerabilities
platform	linux/386
size	9.4 GB
packages	956

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=i386&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=i386&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/386) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf
Vulnerabilities
Pushed	2 months ago
Size	51 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:6d931efd12071a02d20b5655613724d3c5f0ce4c055504d2904e2b8ccf8e6514
vulnerabilities
platform	linux/amd64
size	9.4 GB
packages	960

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=amd64&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/amd64) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43
Vulnerabilities
Pushed	2 months ago
Size	49 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:07cc152261571d0bd568792e46a459a34b431f21c77242253b9ac9ebb1d2c9e9
vulnerabilities
platform	linux/arm/v5
size	9.4 GB
packages	944

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=armel&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=armel&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/arm/v5) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f
Vulnerabilities
Pushed	2 months ago
Size	47 MB
Packages	112
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:fe35696769f49fffbe7fbd1754014b98664f195cff28dd825abbc8e66b32d366
vulnerabilities
platform	linux/arm/v7
size	9.4 GB
packages	943

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=armhf&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=armhf&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/arm/v7) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1
Vulnerabilities
Pushed	2 months ago
Size	46 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:f04dbd183349d76fcab4728a7f5633aeb96f567dbbbb5fc9c4da000d4fc1d381
vulnerabilities
platform	linux/arm64
size	9.4 GB
packages	957

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=arm64&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=arm64&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/arm64) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2
Vulnerabilities
Pushed	2 months ago
Size	50 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:a8226a760f7afb6c2a3b4abb101d9f51fa72313f7480fc4cb94bf425528be126
vulnerabilities
platform	linux/ppc64le
size	9.4 GB
packages	953

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586
vulnerabilities

stdlib 1.24.4 (golang) pkg:golang/stdlib@1.24.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.031% EPSS Percentile 8th percentile Description The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.031% EPSS Percentile 8th percentile Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.016% EPSS Percentile 3rd percentile Description Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Affected range <1.24.9 Fixed version 1.24.9 EPSS Score 0.016% EPSS Percentile 3rd percentile Description Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com. Affected range >=1.24.0 <1.24.6 Fixed version 1.24.6 EPSS Score 0.018% EPSS Percentile 4th percentile Description If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.030% EPSS Percentile 8th percentile Description The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.020% EPSS Percentile 4th percentile Description When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.030% EPSS Percentile 8th percentile Description Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.034% EPSS Percentile 10th percentile Description Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.033% EPSS Percentile 9th percentile Description The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.016% EPSS Percentile 3rd percentile Description tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=ppc64el&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=ppc64el&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/ppc64le) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586
Vulnerabilities
Pushed	2 months ago
Size	53 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:b12091a813bb04b0f54a1be035d8e33643744d8b47dd3d0126ec27e5beeb7376
vulnerabilities
platform	linux/riscv64
size	9.4 GB
packages	948

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6
vulnerabilities

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=riscv64&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

stdlib 1.25.4 (golang) pkg:golang/stdlib@1.25.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range >=1.25.0 <1.25.5 Fixed version 1.25.5 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=riscv64&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/riscv64) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6
Vulnerabilities
Pushed	2 months ago
Size	48 MB
Packages	109
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Your image	jlp04/elevation-generator:latest
Current base image	debian:latest

[github-actions]

🔍 Vulnerabilities of jlp04/elevation-generator:latest

📦 Image Reference jlp04/elevation-generator:latest

digest	sha256:99442ae443bd5e0d85c766a1deb0a506e26e6a6b6bd74fbd621a8c6b0195e28e
vulnerabilities
platform	linux/s390x
size	9.4 GB
packages	947

📦 Base Image debian:13

also known as	13.2 latest trixie trixie-20251117
digest	sha256:66fad7f399902dc3a077699f1f6b10df18a00c72d3553f150e5842beec80954f
vulnerabilities

stdlib 1.24.4 (golang) pkg:golang/stdlib@1.24.4 # Dockerfile (241:241) RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.017% EPSS Percentile 3rd percentile Description Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.031% EPSS Percentile 8th percentile Description The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.031% EPSS Percentile 8th percentile Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.016% EPSS Percentile 3rd percentile Description Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Affected range <1.24.9 Fixed version 1.24.9 EPSS Score 0.016% EPSS Percentile 3rd percentile Description Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. Affected range <1.24.11 Fixed version 1.24.11 EPSS Score 0.010% EPSS Percentile 1st percentile Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com. Affected range >=1.24.0 <1.24.6 Fixed version 1.24.6 EPSS Score 0.018% EPSS Percentile 4th percentile Description If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.030% EPSS Percentile 8th percentile Description The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.020% EPSS Percentile 4th percentile Description When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.030% EPSS Percentile 8th percentile Description Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.034% EPSS Percentile 10th percentile Description Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.033% EPSS Percentile 9th percentile Description The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement. Affected range <1.24.8 Fixed version 1.24.8 EPSS Score 0.016% EPSS Percentile 3rd percentile Description tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

libpng16-16t64 1.6.48-1 (deb) pkg:deb/debian/libpng16-16t64@1.6.48-1?arch=s390x&distro=debian-13&upstream=libpng1.6 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.085% EPSS Percentile 25th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. libpng1.6 1.6.52-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877) GHSA-9mpm-9pxh-mg4f Fixed by: pnggroup/libpng@788a624 (v1.6.52) Fixed by: pnggroup/libpng@a05a48b (v1.6.52) Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.034% EPSS Percentile 10th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216) GHSA-7wv6-48j4-hj3g Vulnerability Report: Heap Buffer Overflow in png_combine_row (libpng16, triggered via png_image_finish_read) pnggroup/libpng#755 pnggroup/libpng@16b5e38 (v1.6.51) pnggroup/libpng@218612d (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.062% EPSS Percentile 20th percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217) GHSA-hfc7-ph9c-wcww Index out of bounds in libpng-1.6.37/pngread.c -> png_image_read_composite() pnggroup/libpng#686 pnggroup/libpng@08da33b (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218) GHSA-qpr4-xm66-hww6 Fix heap buffer overflow in png_write_image_8bit pnggroup/libpng#749 pnggroup/libpng@2bd84c0 (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1 Affected range <1.6.48-1+deb13u1 Fixed version 1.6.48-1+deb13u1 EPSS Score 0.016% EPSS Percentile 3rd percentile Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. libpng1.6 1.6.51-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219) GHSA-4952-h5wq-4m42 Fix memory leaks and buffer overflows in pngrtran.c pnggroup/libpng#748 pnggroup/libpng@6a528eb (v1.6.51) https://www.openwall.com/lists/oss-security/2025/11/22/1

jquery-ui 1.11.2 (npm) pkg:npm/jquery-ui@1.11.2 # Dockerfile (227:227) COPY --from=build /tmp/install /flightgear/script/dnc-managed/install Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 22.535% EPSS Percentile 96th percentile Description Impact Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the of option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 2.937% EPSS Percentile 86th percentile Description Impact Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } ); will call doEvilThing with 6 different parameters coming from all *Text options. Patches The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. Workarounds A workaround is to not accept the value of the *Text options from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.0 Fixed version 1.13.0 CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N EPSS Score 20.555% EPSS Percentile 95th percentile Description Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); will call the doEvilThing function. Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. Workarounds A workaround is to not accept the value of the altField option from untrusted sources. For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.13.2 Fixed version 1.13.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 10.183% EPSS Percentile 93rd percentile Description Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> and calling: $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); will turn the initial HTML into: <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> and the alert will get executed. Patches The bug has been patched in jQuery UI 1.13.2. Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span: <label> <input id="test-input"> <span>&lt;img src=x onerror="alert(1)"&gt;</span> </label> References https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/ For more information If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <1.12.0 Fixed version 1.12.0 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N EPSS Score 1.397% EPSS Percentile 80th percentile Description Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector. Recommendation Upgrade to jQuery-UI 1.12.0 or later. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=1.11.4 Fixed version 1.12.0 Description jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

libgnutls30t64 3.8.9-3 (deb) pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=s390x&distro=debian-13&upstream=gnutls28 # Dockerfile (239:239) RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt --no-install-recommends install -y curl ca-certificates python3 python-is-python3 python3-pyqt5 libopengl0 && rm -rf /var/lib/apt/lists/* /var/cache/apt/* Affected range <3.8.9-3+deb13u1 Fixed version 3.8.9-3+deb13u1 Description [experimental] - gnutls28 3.8.11-1 gnutls28 3.8.11-3 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121146) [trixie] - gnutls28 3.8.9-3+deb13u1 [bookworm] - gnutls28 (Minor issue) [bullseye] - gnutls28 (Minor issue; can be fixed in next update) https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18 https://gitlab.com/gnutls/gnutls/-/issues/1732 Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5 (3.8.11)

[github-actions]

Recommended fixes for image (linux/s390x) jlp04/elevation-generator:latest

Base image is debian:latest

Name	13.2
Digest	sha256:66fad7f399902dc3a077699f1f6b10df18a00c72d3553f150e5842beec80954f
Vulnerabilities
Pushed	2 months ago
Size	49 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, trixie

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.