chore(findings): phylum/locksmith

Summary

phylum/locksmith has 181 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.4 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=phylum/locksmith&tag=1.0.2&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2024-1931	Twistlock CVE	Medium	unbound-1.16.2-21.el9	0.06753	false
CVE-2024-1931	Anchore CVE	Medium	unbound-libs-1.16.2-21.el9	0.06753	false
CVE-2024-7264	Twistlock CVE	Low	curl-7.76.1-34.el9	0.05357	false
CVE-2024-7264	Anchore CVE	Low	libcurl-minimal-7.76.1-34.el9	0.05357	false
CVE-2024-7264	Anchore CVE	Low	curl-minimal-7.76.1-34.el9	0.05357	false
CVE-2024-33655	Twistlock CVE	Low	unbound-1.16.2-21.el9	0.03922	false
CVE-2024-33655	Anchore CVE	Low	unbound-libs-1.16.2-21.el9	0.03922	false
CVE-2024-9681	Twistlock CVE	Low	curl-7.76.1-34.el9	0.01225	false
CVE-2024-9681	Anchore CVE	Low	libcurl-minimal-7.76.1-34.el9	0.01225	false
CVE-2024-9681	Anchore CVE	Low	curl-minimal-7.76.1-34.el9	0.01225	false
CVE-2024-34459	Twistlock CVE	Low	libxml2-2.9.13-14.el9_7	0.00847	false
CVE-2024-34459	Anchore CVE	Low	libxml2-2.9.13-14.el9_7	0.00847	false
CVE-2024-41996	Twistlock CVE	Low	openssl-1:3.5.1-4.el9_7	0.00690	false
CVE-2024-41996	Anchore CVE	Low	openssl-libs-1:3.5.1-4.el9_7	0.00690	false
CVE-2024-41996	Anchore CVE	Low	openssl-1:3.5.1-4.el9_7	0.00690	false
CVE-2025-1153	Twistlock CVE	Low	gdb-16.3-2.el9	0.00599	false
CVE-2025-1153	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00599	false
CVE-2025-1795	Twistlock CVE	Low	python3.9-3.9.23-2.el9	0.00466	false
CVE-2025-1795	Anchore CVE	Low	python3-3.9.23-2.el9	0.00466	false
CVE-2025-1795	Anchore CVE	Low	python3-libs-3.9.23-2.el9	0.00466	false
CVE-2024-11053	Twistlock CVE	Low	curl-7.76.1-34.el9	0.00337	false
CVE-2024-11053	Anchore CVE	Low	curl-minimal-7.76.1-34.el9	0.00337	false
CVE-2024-11053	Anchore CVE	Low	libcurl-minimal-7.76.1-34.el9	0.00337	false
CVE-2025-14087	Twistlock CVE	Medium	glib2-2.68.4-18.el9_7	0.00197	false
CVE-2025-14087	Anchore CVE	Medium	glib2-2.68.4-18.el9_7	0.00197	false
CVE-2025-1632	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00188	false
CVE-2025-1632	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00188	false
CVE-2025-27113	Twistlock CVE	Low	libxml2-2.9.13-14.el9_7	0.00184	false
CVE-2025-27113	Anchore CVE	Low	libxml2-2.9.13-14.el9_7	0.00184	false
CVE-2025-1152	Twistlock CVE	Low	gdb-16.3-2.el9	0.00181	false
CVE-2025-1152	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00181	false
CVE-2025-1150	Twistlock CVE	Low	gdb-16.3-2.el9	0.00181	false
CVE-2025-1150	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00181	false
CVE-2025-1151	Twistlock CVE	Low	gdb-16.3-2.el9	0.00167	false
CVE-2025-1151	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00167	false
CVE-2023-32636	Twistlock CVE	Low	glib2-2.68.4-18.el9_7	0.00165	false
CVE-2023-32636	Anchore CVE	Low	glib2-2.68.4-18.el9_7	0.00165	false
CVE-2025-6069	Twistlock CVE	Medium	python3.9-3.9.23-2.el9	0.00163	false
CVE-2025-6069	Anchore CVE	Medium	python3-3.9.23-2.el9	0.00163	false
CVE-2025-6069	Anchore CVE	Medium	python3-libs-3.9.23-2.el9	0.00163	false
CVE-2020-12413	Anchore CVE	Low	nss-softokn-freebl-3.112.0-4.el9_4	0.00157	false
CVE-2020-12413	Anchore CVE	Low	nss-softokn-3.112.0-4.el9_4	0.00157	false
CVE-2020-12413	Anchore CVE	Low	nss-3.112.0-4.el9_4	0.00157	false
CVE-2020-12413	Anchore CVE	Low	nspr-4.36.0-4.el9_4	0.00157	false
CVE-2020-12413	Anchore CVE	Low	nss-util-3.112.0-4.el9_4	0.00157	false
CVE-2020-12413	Anchore CVE	Low	nss-sysinit-3.112.0-4.el9_4	0.00157	false
CVE-2020-12413	Twistlock CVE	Low	nss-3.112.0-4.el9_4	0.00157	false
CVE-2024-13176	Twistlock CVE	Low	openssl-1:3.5.1-4.el9_7	0.00123	false
CVE-2024-13176	Anchore CVE	Low	openssl-1:3.5.1-4.el9_7	0.00123	false
CVE-2024-13176	Anchore CVE	Low	openssl-libs-1:3.5.1-4.el9_7	0.00123	false
CVE-2025-8291	Twistlock CVE	Medium	python3.9-3.9.23-2.el9	0.00113	false
CVE-2025-8291	Anchore CVE	Medium	python3-3.9.23-2.el9	0.00113	false
CVE-2025-8291	Anchore CVE	Medium	python3-libs-3.9.23-2.el9	0.00113	false
CVE-2025-9086	Twistlock CVE	Medium	curl-7.76.1-34.el9	0.00095	false
CVE-2025-9086	Anchore CVE	Medium	curl-minimal-7.76.1-34.el9	0.00095	false
CVE-2025-9086	Anchore CVE	Medium	libcurl-minimal-7.76.1-34.el9	0.00095	false
CVE-2025-7039	Twistlock CVE	Low	glib2-2.68.4-18.el9_7	0.00093	false
CVE-2023-45322	Anchore CVE	Low	libxml2-2.9.13-14.el9_7	0.00076	false
CVE-2025-3360	Twistlock CVE	Low	glib2-2.68.4-18.el9_7	0.00068	false
CVE-2025-3360	Anchore CVE	Low	glib2-2.68.4-18.el9_7	0.00068	false
CVE-2024-43168	Twistlock CVE	Low	unbound-1.16.2-21.el9	0.00068	false
CVE-2024-43168	Anchore CVE	Low	unbound-libs-1.16.2-21.el9	0.00068	false
CVE-2025-13836	Anchore CVE	Medium	python3-libs-3.9.23-2.el9	0.00066	false
CVE-2025-13836	Anchore CVE	Medium	python3-3.9.23-2.el9	0.00066	false
CVE-2025-13836	Twistlock CVE	Medium	python3.9-3.9.23-2.el9	0.00066	false
CVE-2025-1377	Twistlock CVE	Low	elfutils-0.193-1.el9	0.00064	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libelf-0.193-1.el9	0.00064	false
CVE-2025-1377	Anchore CVE	Low	elfutils-default-yama-scope-0.193-1.el9	0.00064	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libs-0.193-1.el9	0.00064	false
CVE-2025-1376	Twistlock CVE	Low	elfutils-0.193-1.el9	0.00064	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libs-0.193-1.el9	0.00064	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libelf-0.193-1.el9	0.00064	false
CVE-2025-1376	Anchore CVE	Low	elfutils-default-yama-scope-0.193-1.el9	0.00064	false
CVE-2025-11411	Twistlock CVE	Medium	unbound-1.16.2-21.el9	0.00062	false
CVE-2025-11411	Anchore CVE	Medium	unbound-libs-1.16.2-21.el9	0.00062	false
CVE-2025-1371	Twistlock CVE	Low	elfutils-0.193-1.el9	0.00052	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libelf-0.193-1.el9	0.00052	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libs-0.193-1.el9	0.00052	false
CVE-2025-1371	Anchore CVE	Low	elfutils-default-yama-scope-0.193-1.el9	0.00052	false
CVE-2023-50495	Twistlock CVE	Low	ncurses-6.2-12.20210508.el9	0.00051	false
CVE-2023-50495	Anchore CVE	Low	ncurses-libs-6.2-12.20210508.el9	0.00051	false
CVE-2023-50495	Anchore CVE	Low	ncurses-base-6.2-12.20210508.el9	0.00051	false
CVE-2024-7531	Anchore CVE	Low	nss-sysinit-3.112.0-4.el9_4	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-softokn-freebl-3.112.0-4.el9_4	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-softokn-3.112.0-4.el9_4	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nspr-4.36.0-4.el9_4	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-util-3.112.0-4.el9_4	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-3.112.0-4.el9_4	0.00050	false
CVE-2024-7531	Twistlock CVE	Low	nss-3.112.0-4.el9_4	0.00050	false
CVE-2022-27943	Twistlock CVE	Low	gcc-11.5.0-11.el9	0.00050	false
CVE-2022-27943	Anchore CVE	Low	libstdc++-11.5.0-11.el9	0.00050	false
CVE-2025-14512	Twistlock CVE	Medium	glib2-2.68.4-18.el9_7	0.00034	false
CVE-2025-14512	Anchore CVE	Medium	glib2-2.68.4-18.el9_7	0.00034	false
CVE-2024-57360	Twistlock CVE	Low	gdb-16.3-2.el9	0.00028	false
CVE-2024-57360	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00028	false
CVE-2025-9232	Twistlock CVE	Low	openssl-1:3.5.1-4.el9_7	0.00027	false
CVE-2025-9232	Anchore CVE	Low	openssl-libs-1:3.5.1-4.el9_7	0.00027	false
CVE-2025-9232	Anchore CVE	Low	openssl-1:3.5.1-4.el9_7	0.00027	false
CVE-2025-11081	Twistlock CVE	Medium	gdb-16.3-2.el9	0.00027	false
CVE-2025-11081	Anchore CVE	Medium	gdb-gdbserver-16.3-2.el9	0.00027	false
CVE-2025-5915	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00026	false
CVE-2025-5915	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00026	false
CVE-2025-11083	Twistlock CVE	Medium	gdb-16.3-2.el9	0.00026	false
CVE-2025-11083	Anchore CVE	Medium	gdb-gdbserver-16.3-2.el9	0.00026	false
CVE-2024-43167	Twistlock CVE	Low	unbound-1.16.2-21.el9	0.00026	false
CVE-2024-43167	Anchore CVE	Low	unbound-libs-1.16.2-21.el9	0.00026	false
CVE-2025-5916	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00023	false
CVE-2025-5916	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00023	false
CVE-2025-4516	Twistlock CVE	Medium	python3.9-3.9.23-2.el9	0.00023	false
CVE-2025-4516	Anchore CVE	Medium	python3-3.9.23-2.el9	0.00023	false
CVE-2025-4516	Anchore CVE	Medium	python3-libs-3.9.23-2.el9	0.00023	false
CVE-2025-11840	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11840	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11495	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11495	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11494	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11494	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11414	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11414	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11413	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11413	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11412	Twistlock CVE	Low	gdb-16.3-2.el9	0.00023	false
CVE-2025-11412	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-11082	Twistlock CVE	Medium	gdb-16.3-2.el9	0.00023	false
CVE-2025-11082	Anchore CVE	Medium	gdb-gdbserver-16.3-2.el9	0.00023	false
CVE-2025-60753	Anchore CVE	Medium	libarchive-3.5.3-6.el9_6	0.00020	false
CVE-2025-60753	Twistlock CVE	Medium	libarchive-3.5.3-6.el9_6	0.00020	false
CVE-2025-5245	Twistlock CVE	Medium	gdb-16.3-2.el9	0.00020	false
CVE-2025-5245	Anchore CVE	Medium	gdb-gdbserver-16.3-2.el9	0.00020	false
CVE-2025-5918	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00019	false
CVE-2025-5918	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00019	false
CVE-2025-5917	Anchore CVE	Low	libarchive-3.5.3-6.el9_6	0.00019	false
CVE-2025-5917	Twistlock CVE	Low	libarchive-3.5.3-6.el9_6	0.00019	false
CVE-2025-3198	Twistlock CVE	Low	gdb-16.3-2.el9	0.00019	false
CVE-2025-3198	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00019	false
CVE-2025-13837	Twistlock CVE	Medium	python3.9-3.9.23-2.el9	0.00018	false
CVE-2025-13837	Anchore CVE	Medium	python3-libs-3.9.23-2.el9	0.00018	false
CVE-2025-13837	Anchore CVE	Medium	python3-3.9.23-2.el9	0.00018	false
CVE-2024-0232	Twistlock CVE	Low	sqlite-3.34.1-9.el9_7	0.00018	false
CVE-2024-0232	Anchore CVE	Low	sqlite-libs-3.34.1-9.el9_7	0.00018	false
CVE-2025-66382	Twistlock CVE	Low	expat-2.5.0-5.el9_7.1	0.00017	false
CVE-2025-66382	Anchore CVE	Low	expat-2.5.0-5.el9_7.1	0.00017	false
CVE-2025-6170	Twistlock CVE	Low	libxml2-2.9.13-14.el9_7	0.00017	false
CVE-2025-6170	Anchore CVE	Low	libxml2-2.9.13-14.el9_7	0.00017	false
CVE-2025-6075	Twistlock CVE	Low	python3.9-3.9.23-2.el9	0.00017	false
CVE-2025-6075	Anchore CVE	Low	python3-3.9.23-2.el9	0.00017	false
CVE-2025-6075	Anchore CVE	Low	python3-libs-3.9.23-2.el9	0.00017	false
CVE-2025-10966	Twistlock CVE	Medium	curl-7.76.1-34.el9	0.00017	false
CVE-2025-10966	Anchore CVE	Medium	libcurl-minimal-7.76.1-34.el9	0.00017	false
CVE-2025-10966	Anchore CVE	Medium	curl-minimal-7.76.1-34.el9	0.00017	false
CVE-2025-5278	Anchore CVE	Medium	coreutils-single-8.32-39.el9	0.00016	false
CVE-2025-5278	Twistlock CVE	Medium	coreutils-8.32-39.el9	0.00016	false
CVE-2025-13601	Twistlock CVE	Medium	glib2-2.68.4-18.el9_7	0.00015	false
CVE-2025-13601	Anchore CVE	Medium	glib2-2.68.4-18.el9_7	0.00015	false
CVE-2025-14104	Twistlock CVE	Medium	util-linux-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	util-linux-core-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	libmount-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	util-linux-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	libsmartcols-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	libuuid-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	libblkid-2.37.4-21.el9	0.00014	false
CVE-2025-14104	Anchore CVE	Medium	libfdisk-2.37.4-21.el9	0.00014	false
CVE-2025-11839	Twistlock CVE	Low	gdb-16.3-2.el9	0.00014	false
CVE-2025-11839	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00014	false
CVE-2024-25260	Twistlock CVE	Low	elfutils-0.193-1.el9	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-default-yama-scope-0.193-1.el9	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libelf-0.193-1.el9	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libs-0.193-1.el9	0.00014	false
CVE-2023-30571	Anchore CVE	Medium	libarchive-3.5.3-6.el9_6	0.00014	false
CVE-2023-30571	Twistlock CVE	Medium	libarchive-3.5.3-6.el9_6	0.00014	false
CVE-2022-47011	Twistlock CVE	Low	gdb-16.3-2.el9	0.00009	false
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00009	false
CVE-2022-47010	Twistlock CVE	Low	gdb-16.3-2.el9	0.00009	false
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00009	false
CVE-2022-47007	Twistlock CVE	Low	gdb-16.3-2.el9	0.00009	false
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	0.00009	false
CVE-2025-52099	Anchore CVE	Medium	sqlite-libs-3.34.1-9.el9_7	N/A	false
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-16.3-2.el9	N/A	false
b18c88ddeab24abfb92ae2ccddb0b022	Anchore Compliance	Low		N/A	N/A
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low		N/A	N/A
CCE-83623-9	OSCAP Compliance	Medium		N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=phylum/locksmith&tag=1.0.2&branch=master

Tasks

Contributor:

Apply the StatusReview label to this issue for a merge request review and wait for feedback

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Dec 13, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information