Multiple CVEs reported by Trivy scan tool for v0.52.0

The listed CVEs for v0.52.0 includes HIGH.

### Vulnerabilities Summary

**Total**: 3  
**Severity**: UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version        | Title |
|---------|---------------|----------|--------|-------------------|----------------------|-------|
| stdlib  | [CVE-2025-22874](https://avd.aquasec.com/nvd/cve-2025-22874) | HIGH     | fixed  | 1.24.2            | 1.23.10, 1.24.4       | `crypto/x509`: Usage of `ExtKeyUsageAny` disables policy validation in `crypto/x509` |
| stdlib  | [CVE-2025-0913](https://avd.aquasec.com/nvd/cve-2025-0913)  | MEDIUM   | —      | —                 | —                    | Inconsistent handling of `O_CREATE|O_EXCL` on Unix and Windows in `os` / `syscall` |
| stdlib  | [CVE-2025-4673](https://avd.aquasec.com/nvd/cve-2025-4673)  | MEDIUM   | —      | —                 | —                    | `Proxy-Authorization` and `Proxy-Authenticate` headers persisted on cross-origin requests |


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Multiple CVEs reported by Trivy scan tool for v0.52.0 #960

Vulnerabilities Summary

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
stdlib	CVE-2025-22874	HIGH	fixed	1.24.2	1.23.10, 1.24.4	`crypto/x509`: Usage of `ExtKeyUsageAny` disables policy validation in `crypto/x509`
stdlib	CVE-2025-0913	MEDIUM	—	—	—	Inconsistent handling of `O_CREATE
stdlib	CVE-2025-4673	MEDIUM	—	—	—	`Proxy-Authorization` and `Proxy-Authenticate` headers persisted on cross-origin requests

Multiple CVEs reported by Trivy scan tool for v0.52.0 #960

Description

Vulnerabilities Summary

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions