Vulnerability Scan Report for registry.suse.com/bci/nodejs:20-31.11

Node.js 20 development container based on the SLE Base Container Image.

registry.suse.com/bci/nodejs:20-31.11

Last scanned on: July 07, 2025 04:22

Package Name	Severity	Status	Description	Reference links
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3925-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.12.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)	CVE-2024-9681 SU-20243925-1 SUSE Bug#1232528 SUSE Mailing List [sle-security-updates] 2024-November#019779 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:4288-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.15.1 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)	CVE-2024-11053 SU-20244288-1 SUSE Bug#1234068 SUSE Mailing List [sle-security-updates] 2024-December#019983 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2025:0369-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.21.1 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)	CVE-2025-0167 CVE-2025-0725 SU-20250369-1 SUSE Bug#1236588 SUSE Bug#1236590 SUSE Mailing List [sle-security-updates] 2025-February#020278 SUSE Security Rating
git-core	HIGH	fixed	Security update for git Vulnerability ID: SUSE-SU-2025:0116-1 Installed Version: 2.43.0-150600.3.6.1 Fixed Version: 2.43.0-150600.3.9.1 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601).	CVE-2024-50349 CVE-2024-52006 SU-20250116-1 SUSE Bug#1235600 SUSE Bug#1235601 SUSE Mailing List [sle-security-updates] 2025-January#020132 SUSE Security Rating
glibc	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:01702-1 Installed Version: 2.38-150600.14.5.1 Fixed Version: 2.38-150600.14.32.1 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).	CVE-2025-4802 SU-202501702-1 SUSE Bug#1243317 SUSE Mailing List [sle-updates] 2025-May#039341 SUSE Security Rating