chore(findings): opensource/309theddge/dask-gateway-api

Summary

opensource/309theddge/dask-gateway-api has 221 new findings discovered during continuous monitoring.

Layer: opensource/metrostar/miniconda:miniconda_v7 is EOL, please update if possible

Layer: redhat/ubi/ubi9:9.4 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/309theddge/dask-gateway-api&tag=dask_gateway_api_v1&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	impact	workaround	epss_score	kev
CVE-2023-45288	Anchore CVE	High	stdlib-go1.21.6			0.67599	false
CVE-2023-45288	Twistlock CVE	Medium	net/http-1.21.6			0.67599	false
CVE-2024-24787	Anchore CVE	Medium	stdlib-go1.21.6			0.01583	false
CVE-2024-6232	Anchore CVE	High	python-3.12.5			0.01519	false
CVE-2024-6232	Anchore CVE	High	python-3.12.5			0.01519	false
CVE-2024-6232	Anchore CVE	High	python-3.12.5			0.01519	false
CVE-2024-6232	Anchore CVE	High	python-3.12.5			0.01519	false
CVE-2024-24784	Anchore CVE	High	stdlib-go1.21.6			0.01498	false
CVE-2025-0938	Anchore CVE	Medium	python-3.12.5			0.00715	false
CVE-2025-0938	Anchore CVE	Medium	python-3.12.5			0.00715	false
CVE-2025-0938	Anchore CVE	Medium	python-3.12.5			0.00715	false
CVE-2025-0938	Anchore CVE	Medium	python-3.12.5			0.00715	false
CVE-2024-8508	Anchore CVE	Medium	unbound-libs-1.16.2-17.el9			0.00670	false
CVE-2024-9143	Anchore CVE	Medium	openssl-3.3.2			0.00652	false
CVE-2024-24791	Anchore CVE	High	stdlib-go1.21.6			0.00618	false
CVE-2024-24791	Twistlock CVE	Low	net/http-1.21.6			0.00618	false
CVE-2024-7592	Anchore CVE	High	python-3.12.5			0.00468	false
CVE-2024-7592	Anchore CVE	High	python-3.12.5			0.00468	false
CVE-2024-7592	Anchore CVE	High	python-3.12.5			0.00468	false
CVE-2024-7592	Anchore CVE	High	python-3.12.5			0.00468	false
CVE-2023-45289	Anchore CVE	Medium	stdlib-go1.21.6			0.00409	false
CVE-2023-45289	Twistlock CVE	Low	net/http-1.21.6			0.00409	false
CVE-2024-24783	Anchore CVE	Medium	stdlib-go1.21.6			0.00401	false
CVE-2024-24783	Twistlock CVE	Low	crypto/x509-1.21.6			0.00401	false
CVE-2023-45290	Anchore CVE	Medium	stdlib-go1.21.6			0.00362	false
CVE-2023-45290	Twistlock CVE	Low	net/textproto-1.21.6			0.00362	false
CVE-2024-12254	Anchore CVE	High	python-3.12.5			0.00271	false
CVE-2024-12254	Anchore CVE	High	python-3.12.5			0.00271	false
CVE-2024-12254	Anchore CVE	High	python-3.12.5			0.00271	false
CVE-2024-12254	Anchore CVE	High	python-3.12.5			0.00271	false
CVE-2024-24785	Anchore CVE	Medium	stdlib-go1.21.6			0.00246	false
CVE-2024-12797	Anchore CVE	Medium	openssl-3.3.2			0.00222	false
CVE-2024-12797	Twistlock CVE	Low	cryptography-43.0.1			0.00222	false
CVE-2025-49794	Twistlock CVE	High	libxml2-2.9.13-9.el9_6			0.00202	false
CVE-2025-49794	Anchore CVE	High	libxml2-2.9.13-9.el9_6			0.00202	false
CVE-2025-49796	Twistlock CVE	High	libxml2-2.9.13-9.el9_6			0.00200	false
CVE-2025-49796	Anchore CVE	High	libxml2-2.9.13-9.el9_6			0.00200	false
CVE-2024-34156	Anchore CVE	High	stdlib-go1.21.6			0.00178	false
CVE-2024-52304	Twistlock CVE	Medium	aiohttp-3.10.5	Most users do not use the Python parser.	Use the default C parser.	0.00168	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.1			0.00146	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.5			0.00146	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.5			0.00146	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.5			0.00146	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.5			0.00146	false
CVE-2025-4517	Anchore CVE	Critical	python-3.12.1			0.00146	false
CVE-2025-4517	Twistlock CVE	High	python3.9-3.9.21-2.el9			0.00146	false
CVE-2025-4517	Anchore CVE	High	python3-3.9.21-2.el9			0.00146	false
CVE-2025-4517	Anchore CVE	High	python3-libs-3.9.21-2.el9			0.00146	false
CVE-2025-47273	Twistlock CVE	High	setuptools-70.1.0			0.00139	false
CVE-2025-47273	Twistlock CVE	High	setuptools-73.0.1			0.00139	false
CVE-2025-4330	Anchore CVE	High	python-3.12.5			0.00120	false
CVE-2025-4330	Anchore CVE	High	python-3.12.1			0.00120	false
CVE-2025-4330	Anchore CVE	High	python-3.12.5			0.00120	false
CVE-2025-4330	Anchore CVE	High	python-3.12.1			0.00120	false
CVE-2025-4330	Anchore CVE	High	python-3.12.5			0.00120	false
CVE-2025-4330	Anchore CVE	High	python-3.12.5			0.00120	false
CVE-2025-4330	Twistlock CVE	Medium	python3.9-3.9.21-2.el9			0.00120	false
CVE-2025-4330	Anchore CVE	Medium	python3-3.9.21-2.el9			0.00120	false
CVE-2025-4330	Anchore CVE	Medium	python3-libs-3.9.21-2.el9			0.00120	false
CVE-2023-27043	Anchore CVE	Medium	python-3.12.5			0.00117	false
CVE-2023-27043	Anchore CVE	Medium	python-3.12.5			0.00117	false
CVE-2023-27043	Anchore CVE	Medium	python-3.12.5			0.00117	false
CVE-2023-27043	Anchore CVE	Medium	python-3.12.5			0.00117	false
CVE-2024-34155	Anchore CVE	Medium	stdlib-go1.21.6			0.00115	false
CVE-2025-4138	Anchore CVE	High	python-3.12.5			0.00100	false
CVE-2025-4138	Anchore CVE	High	python-3.12.5			0.00100	false
CVE-2025-4138	Anchore CVE	High	python-3.12.5			0.00100	false
CVE-2025-4138	Anchore CVE	High	python-3.12.1			0.00100	false
CVE-2025-4138	Anchore CVE	High	python-3.12.1			0.00100	false
CVE-2025-4138	Anchore CVE	High	python-3.12.5			0.00100	false
CVE-2025-4138	Twistlock CVE	High	python3.9-3.9.21-2.el9			0.00100	false
CVE-2025-4138	Anchore CVE	High	python3-3.9.21-2.el9			0.00100	false
CVE-2025-4138	Anchore CVE	High	python3-libs-3.9.21-2.el9			0.00100	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.1			0.00097	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.5			0.00097	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.1			0.00097	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.5			0.00097	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.5			0.00097	false
CVE-2024-12718	Anchore CVE	Medium	python-3.12.5			0.00097	false
CVE-2024-12718	Twistlock CVE	High	python3.9-3.9.21-2.el9			0.00097	false
CVE-2024-12718	Anchore CVE	High	python3-3.9.21-2.el9			0.00097	false
CVE-2024-12718	Anchore CVE	High	python3-libs-3.9.21-2.el9			0.00097	false
CVE-2025-8194	Twistlock CVE	Medium	python3.9-3.9.21-2.el9			0.00096	false
CVE-2025-8194	Anchore CVE	Medium	python3-3.9.21-2.el9			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.5			0.00096	false
CVE-2025-8194	Anchore CVE	Medium	python3-libs-3.9.21-2.el9			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.5			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.5			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.1			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.1			0.00096	false
CVE-2025-8194	Anchore CVE	High	python-3.12.5			0.00096	false
CVE-2024-8088	Anchore CVE	High	python-3.12.5			0.00091	false
CVE-2024-8088	Anchore CVE	High	python-3.12.5			0.00091	false
CVE-2024-8088	Anchore CVE	High	python-3.12.5			0.00091	false
CVE-2024-8088	Anchore CVE	High	python-3.12.5			0.00091	false
CVE-2025-6069	Twistlock CVE	Medium	python3.9-3.9.21-2.el9			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python3-libs-3.9.21-2.el9			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python3-3.9.21-2.el9			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.1			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.5			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.5			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.1			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.5			0.00090	false
CVE-2025-6069	Anchore CVE	Medium	python-3.12.5			0.00090	false
CVE-2024-24790	Anchore CVE	Critical	stdlib-go1.21.6			0.00090	false
CVE-2024-24790	Twistlock CVE	Critical	net/netip-1.21.6			0.00090	false
CVE-2025-6021	Twistlock CVE	Medium	libxml2-2.9.13-9.el9_6			0.00089	false
CVE-2025-6021	Anchore CVE	Medium	libxml2-2.9.13-9.el9_6			0.00089	false
CVE-2024-34158	Anchore CVE	High	stdlib-go1.21.6			0.00082	false
CVE-2024-13176	Anchore CVE	Medium	openssl-3.3.2			0.00080	false
CVE-2025-32990	Twistlock CVE	Medium	gnutls-3.8.3-6.el9			0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9			0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-3.8.3-6.el9			0.00072	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9			0.00072	false
CVE-2024-50602	Anchore CVE	Medium	python-3.12.5			0.00068	false
CVE-2024-50602	Anchore CVE	Medium	python-3.12.5			0.00068	false
CVE-2024-50602	Anchore CVE	Medium	python-3.12.5			0.00068	false
CVE-2024-50602	Anchore CVE	Medium	python-3.12.5			0.00068	false
CVE-2025-4435	Anchore CVE	High	python-3.12.5			0.00067	false
CVE-2025-4435	Anchore CVE	High	python-3.12.1			0.00067	false
CVE-2025-4435	Anchore CVE	High	python-3.12.5			0.00067	false
CVE-2025-4435	Anchore CVE	High	python-3.12.1			0.00067	false
CVE-2025-4435	Anchore CVE	High	python-3.12.5			0.00067	false
CVE-2025-4435	Anchore CVE	High	python-3.12.5			0.00067	false
CVE-2025-4435	Twistlock CVE	Medium	python3.9-3.9.21-2.el9			0.00067	false
CVE-2025-4435	Anchore CVE	Medium	python3-3.9.21-2.el9			0.00067	false
CVE-2025-4435	Anchore CVE	Medium	python3-libs-3.9.21-2.el9			0.00067	false
CVE-2025-57804	Twistlock CVE	Medium	h2-4.1.0			0.00062	false
CVE-2025-6395	Twistlock CVE	Medium	gnutls-3.8.3-6.el9			0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-3.8.3-6.el9			0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9			0.00057	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9			0.00057	false
CVE-2025-32988	Twistlock CVE	Medium	gnutls-3.8.3-6.el9			0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9			0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-3.8.3-6.el9			0.00056	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9			0.00056	false
CVE-2025-5702	Twistlock CVE	Medium	glibc-2.34-168.el9_6.14			0.00055	false
CVE-2025-5702	Anchore CVE	Medium	glibc-2.34-168.el9_6.14			0.00055	false
CVE-2025-5702	Anchore CVE	Medium	glibc-common-2.34-168.el9_6.14			0.00055	false
CVE-2025-5702	Anchore CVE	Medium	glibc-minimal-langpack-2.34-168.el9_6.14			0.00055	false
CVE-2025-5702	Anchore CVE	Medium	glibc-langpack-en-2.34-168.el9_6.14			0.00055	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.6			0.00054	false
CVE-2024-9287	Anchore CVE	High	python-3.12.5			0.00048	false
CVE-2024-9287	Anchore CVE	High	python-3.12.5			0.00048	false
CVE-2024-9287	Anchore CVE	High	python-3.12.5			0.00048	false
CVE-2024-9287	Anchore CVE	High	python-3.12.5			0.00048	false
CVE-2025-53643	Twistlock CVE	Low	aiohttp-3.10.5	If the above conditions are met which is already unlikely, they are affected.		0.00044	false
CVE-2025-4598	Twistlock CVE	Medium	systemd-252-51.el9			0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-pam-252-51.el9			0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-252-51.el9			0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-libs-252-51.el9			0.00037	false
CVE-2025-4598	Anchore CVE	Medium	systemd-rpm-macros-252-51.el9			0.00037	false
CVE-2024-45336	Anchore CVE	Medium	stdlib-go1.21.6			0.00037	false
CVE-2024-45336	Twistlock CVE	Low	net/http-1.21.6			0.00037	false
CVE-2024-47081	Twistlock CVE	Medium	requests-2.32.3			0.00028	false
CVE-2024-47081	Twistlock CVE	Medium	python-requests-2.25.1-9.el9			0.00028	false
CVE-2024-47081	Anchore CVE	Medium	python3-requests-2.25.1-9.el9			0.00028	false
CVE-2024-45341	Anchore CVE	Medium	stdlib-go1.21.6			0.00028	false
CVE-2024-45341	Twistlock CVE	Low	crypto/x509-1.21.6			0.00028	false
CVE-2025-5994	Twistlock CVE	High	unbound-1.16.2-17.el9			0.00027	false
CVE-2025-5994	Anchore CVE	High	unbound-libs-1.16.2-17.el9			0.00027	false
CVE-2025-6020	Twistlock CVE	High	pam-1.5.1-23.el9			0.00026	false
CVE-2025-6020	Anchore CVE	High	pam-1.5.1-23.el9			0.00026	false
CVE-2025-32989	Twistlock CVE	Medium	gnutls-3.8.3-6.el9			0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9			0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9			0.00026	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-3.8.3-6.el9			0.00026	false
CVE-2025-8941	Twistlock CVE	High	pam-1.5.1-23.el9			0.00023	false
CVE-2025-8941	Anchore CVE	High	pam-1.5.1-23.el9			0.00023	false
CVE-2025-5245	Twistlock CVE	Medium	gdb-14.2-4.el9			0.00022	false
CVE-2025-5245	Anchore CVE	Medium	gdb-gdbserver-14.2-4.el9			0.00022	false
CVE-2025-6170	Twistlock CVE	Low	libxml2-2.9.13-9.el9_6			0.00021	false
CVE-2025-6170	Anchore CVE	Low	libxml2-2.9.13-9.el9_6			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.5			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.5			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.5			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.1			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.5			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python-3.12.1			0.00021	false
CVE-2025-4516	Twistlock CVE	Medium	python3.9-3.9.21-2.el9			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python3-libs-3.9.21-2.el9			0.00021	false
CVE-2025-4516	Anchore CVE	Medium	python3-3.9.21-2.el9			0.00021	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.21.6			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.6			0.00019	false
CVE-2025-8058	Twistlock CVE	Medium	glibc-2.34-168.el9_6.14			0.00018	false
CVE-2025-8058	Anchore CVE	Medium	glibc-2.34-168.el9_6.14			0.00018	false
CVE-2025-8058	Anchore CVE	Medium	glibc-minimal-langpack-2.34-168.el9_6.14			0.00018	false
CVE-2025-8058	Anchore CVE	Medium	glibc-langpack-en-2.34-168.el9_6.14			0.00018	false
CVE-2025-8058	Anchore CVE	Medium	glibc-common-2.34-168.el9_6.14			0.00018	false
CVE-2025-5278	Twistlock CVE	Medium	coreutils-8.32-39.el9			0.00018	false
CVE-2025-5278	Anchore CVE	Medium	coreutils-single-8.32-39.el9			0.00018	false
CVE-2025-7425	Twistlock CVE	High	libxml2-2.9.13-9.el9_6			0.00017	false
CVE-2025-7425	Anchore CVE	High	libxml2-2.9.13-9.el9_6			0.00017	false
CVE-2025-50181	Twistlock CVE	Medium	urllib3-2.2.2	Most users dont disable redirects on the PoolManager.	Set redirectsFalseredirects0 on the .request call instead of on the toplevel urllib3.PoolManager	0.00015	false
CVE-2025-50182	Twistlock CVE	Medium	urllib3-2.2.2	Pyodide is extremely rare configuration for users in production.		0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.6			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.21.6			0.00013	false
CVE-2025-22866	Anchore CVE	Medium	stdlib-go1.21.6			0.00010	false
CVE-2025-22866	Twistlock CVE	Low	crypto/internal/nistec-1.21.6			0.00010	false
CVE-2025-4802	Twistlock CVE	Medium	glibc-2.34-168.el9_6.14			0.00008	false
CVE-2025-4802	Anchore CVE	Medium	glibc-2.34-168.el9_6.14			0.00008	false
CVE-2025-4802	Anchore CVE	Medium	glibc-langpack-en-2.34-168.el9_6.14			0.00008	false
CVE-2025-4802	Anchore CVE	Medium	glibc-minimal-langpack-2.34-168.el9_6.14			0.00008	false
CVE-2025-4802	Anchore CVE	Medium	glibc-common-2.34-168.el9_6.14			0.00008	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.6			0.00006	false
CVE-2024-24789	Anchore CVE	Medium	stdlib-go1.21.6			0.00006	false
CVE-2025-9714	Twistlock CVE	Medium	libxml2-2.9.13-9.el9_6			N/A	false
PRISMA-2023-0024	Twistlock CVE	High	aiohttp-3.10.5			N/A	N/A
PRISMA-2022-0168	Twistlock CVE	High	pip-24.2			N/A	N/A
GHSA-pq67-6m6q-mj2v	Anchore CVE	Medium	urllib3-2.2.2			N/A	N/A
GHSA-pq67-6m6q-mj2v	Anchore CVE	Medium	urllib3-2.2.2			N/A	N/A
GHSA-9hjg-9r4m-mvj7	Anchore CVE	Medium	requests-2.32.3			N/A	N/A
GHSA-9548-qrrj-x5pj	Anchore CVE	Low	aiohttp-3.10.5			N/A	N/A
GHSA-8495-4g3g-x7pr	Anchore CVE	Medium	aiohttp-3.10.5			N/A	N/A
GHSA-847f-9342-265h	Anchore CVE	Medium	h2-4.1.0			N/A	N/A
GHSA-79v4-65xg-pq4g	Anchore CVE	Low	cryptography-43.0.1			N/A	N/A
GHSA-5rjg-fvgr-3xxf	Anchore CVE	High	setuptools-73.0.1			N/A	N/A
GHSA-5rjg-fvgr-3xxf	Anchore CVE	High	setuptools-70.1.0			N/A	N/A
GHSA-48p4-8xcf-vxj5	Anchore CVE	Medium	urllib3-2.2.2			N/A	N/A
GHSA-48p4-8xcf-vxj5	Anchore CVE	Medium	urllib3-2.2.2			N/A	N/A
CCE-83629-6	OSCAP Compliance	Medium				N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/309theddge/dask-gateway-api&tag=dask_gateway_api_v1&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 03, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): opensource/309theddge/dask-gateway-api

Summary

Tasks

Questions?