Multiple CVEs reported by Trivy scan tool for latest version v4.18.3

The listed CVEs for v4.18.3 includes HIGH.

### Vulnerabilities Summary

**Total**: 3  
**Severity**: UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version     | Title |
|---------|---------------|----------|--------|-------------------|-------------------|-------|
| stdlib  | [CVE-2025-22874](https://avd.aquasec.com/nvd/cve-2025-22874) | HIGH    | fixed  | 1.24.2            | 1.23.10, 1.24.4   | `crypto/x509`: Usage of `ExtKeyUsageAny` disables policy validation |
| stdlib  | [CVE-2025-0913](https://avd.aquasec.com/nvd/cve-2025-0913)  | MEDIUM  | —      | —                 | —                 | Inconsistent handling of `O_CREATE|O_EXCL` on Unix and Windows in `os` / `syscall` |
| stdlib  | [CVE-2025-4673](https://avd.aquasec.com/nvd/cve-2025-4673)  | MEDIUM  | —      | —                 | —                 | `Proxy-Authorization` and `Proxy-Authenticate` headers persisted on cross-origin requests |


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Multiple CVEs reported by Trivy scan tool for latest version v4.18.3 #1288

Vulnerabilities Summary

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
stdlib	CVE-2025-22874	HIGH	fixed	1.24.2	1.23.10, 1.24.4	`crypto/x509`: Usage of `ExtKeyUsageAny` disables policy validation
stdlib	CVE-2025-0913	MEDIUM	—	—	—	Inconsistent handling of `O_CREATE
stdlib	CVE-2025-4673	MEDIUM	—	—	—	`Proxy-Authorization` and `Proxy-Authenticate` headers persisted on cross-origin requests

Multiple CVEs reported by Trivy scan tool for latest version v4.18.3 #1288

Description

Vulnerabilities Summary

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions