Request to patch dependencies to fix CVEs

Hi,

Our security scanner finds the following vulnerabilities in our oauth-proxy container image.

Is it possible for you to upgrade the dependencies to the fixed versions?

Thank you!


| Vulnerability | Severity | CVSS3 | Package | Current Version | Fixed in version |
| ------------- | -------- | ----- | ------- | --------------- | ---------------- |
| [CVE-2025-61729](https://pkg.go.dev/vuln/GO-2025-4155) | Low | N/A | crypto/x509 | 1.25.3 | 1.24.11, 1.25.5 |
| [CVE-2025-61727](https://pkg.go.dev/vuln/GO-2025-4175) | Low | N/A | crypto/x509 | 1.25.3 | 1.24.11, 1.25.5 |

The same CVEs were addressed in grafana by upgrading go-lang from 1.25.3 to 1.25.5 (https://github.com/grafana/grafana/pull/114749).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request to patch dependencies to fix CVEs #340

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability	Severity	CVSS3	Package	Current Version	Fixed in version
CVE-2025-61729	Low	N/A	crypto/x509	1.25.3	1.24.11, 1.25.5
CVE-2025-61727	Low	N/A	crypto/x509	1.25.3	1.24.11, 1.25.5

Request to patch dependencies to fix CVEs #340

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions