[GH-ISSUE #2572] [FEAT]: Tackle vulnerabilities head on #1667

Closed
opened 2026-02-22 18:25:57 -05:00 by yindo · 1 comment
Owner

Originally created by @Stono on GitHub (Nov 3, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/2572

What would you like to see?

This is a bit nebulous but tracking anyway, when running docker scout against the image there's a lot of CVEs.

The following are from the app directly:

  APP DIRECTORY vulnerable components:
    pkg:npm/axios@1.6.8 (CVE-2024-39338)
      ┗━━━━ /app/server/node_modules/axios/package.json
    pkg:npm/body-parser@1.20.2 (CVE-2024-45590)
      ┗━━━━ /app/collector/node_modules/body-parser/package.json
      ┗━━━━ /app/server/node_modules/body-parser/package.json
    pkg:npm/fast-xml-parser@4.3.6 (CVE-2024-41818)
      ┗━━━━ /app/server/node_modules/fast-xml-parser/package.json
    pkg:npm/path-to-regexp@0.1.7 (CVE-2024-45296)
      ┗━━━━ /app/collector/node_modules/path-to-regexp/package.json
      ┗━━━━ /app/server/node_modules/path-to-regexp/package.json
    pkg:npm/taffydb@2.6.2 (CVE-2019-10790)
      ┗━━━━ /app/collector/node_modules/protobufjs/cli/node_modules/taffydb/package.json
      ┗━━━━ /app/server/node_modules/onnx-proto/node_modules/protobufjs/cli/node_modules/taffydb/package.json
    pkg:npm/ws@8.14.2 (CVE-2024-37890)
      ┗━━━━ /app/collector/node_modules/ws/package.json
    pkg:npm/express@4.19.2 (CVE-2024-43796)
      ┗━━━━ /app/collector/node_modules/express/package.json
      ┗━━━━ /app/server/node_modules/express/package.json
    pkg:npm/langchain@0.1.36 (CVE-2024-7774)
      ┗━━━━ /app/collector/node_modules/langchain/package.json
      ┗━━━━ /app/server/node_modules/langchain/package.json
    pkg:npm/langchain@0.2.12 (CVE-2024-7774)
      ┗━━━━ /app/collector/node_modules/@langchain/community/node_modules/langchain/package.json
    pkg:npm/send@0.18.0 (CVE-2024-43799)
      ┗━━━━ /app/collector/node_modules/send/package.json
      ┗━━━━ /app/server/node_modules/send/package.json
    pkg:npm/serve-static@1.15.0 (CVE-2024-43800)
      ┗━━━━ /app/collector/node_modules/serve-static/package.json
      ┗━━━━ /app/server/node_modules/serve-static/package.json
    pkg:npm/cookie@0.6.0 (CVE-2024-47764)
      ┗━━━━ /app/collector/node_modules/cookie/package.json
      ┗━━━━ /app/server/node_modules/cookie/package.json

And the following are from the base image (ubuntu):

  BASE IMAGE vulnerable components (these won't fail your build):
    pkg:deb/ubuntu/linux@5.15.0-122.132?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-27397, CVE-2024-38630, CVE-2013-7445, CVE-2015-8553, CVE-2016-8660, CVE-2018-17977, CVE-2018-7191, CVE-2021-3714, CVE-2021-3864, CVE-2021-4095, CVE-2021-47432, CVE-2021-47472, CVE-2021-47599, CVE-2021-47615, CVE-2022-0400, CVE-2022-0480, CVE-2022-0995, CVE-2022-1205, CVE-2022-1247, CVE-2022-25836, CVE-2022-2961, CVE-2022-3238, CVE-2022-3523, CVE-2022-38457, CVE-2022-40133, CVE-2022-4543, CVE-2022-48628, CVE-2022-48633, CVE-2022-48646, CVE-2022-48667, CVE-2022-48668, CVE-2022-48673, CVE-2022-48703, CVE-2022-48706, CVE-2022-48744, CVE-2022-48766, CVE-2022-48771, CVE-2022-48816, CVE-2022-48887, CVE-2022-48893, CVE-2022-48895, CVE-2022-48900, CVE-2022-48929, CVE-2022-48976, CVE-2022-48979, CVE-2022-48990, CVE-2022-48998, CVE-2023-0030, CVE-2023-0160, CVE-2023-1193, CVE-2023-2007, CVE-2023-26242, CVE-2023-31082, CVE-2023-45896, CVE-2023-52452, CVE-2023-52481, CVE-2023-52485, CVE-2023-52508, CVE-2023-52561, CVE-2023-52569, CVE-2023-52572, CVE-2023-52576, CVE-2023-52582, CVE-2023-52586, CVE-2023-52589, CVE-2023-52590, CVE-2023-52591, CVE-2023-52593, CVE-2023-52624, CVE-2023-52625, CVE-2023-52632, CVE-2023-52634, CVE-2023-52648, CVE-2023-52653, CVE-2023-52657, CVE-2023-52660, CVE-2023-52664, CVE-2023-52671, CVE-2023-52673, CVE-2023-52676, CVE-2023-52682, CVE-2023-52700, CVE-2023-52701, CVE-2023-52732, CVE-2023-52737, CVE-2023-52749, CVE-2023-52751, CVE-2023-52757, CVE-2023-52761, CVE-2023-52802, CVE-2023-52812, CVE-2023-52829, CVE-2023-52831, CVE-2023-52837, CVE-2023-52857, CVE-2023-52879, CVE-2023-52888, CVE-2023-52904, CVE-2023-52905, CVE-2023-52911, CVE-2023-52912, CVE-2023-52913, CVE-2023-52916, CVE-2023-52917, CVE-2023-6610, CVE-2024-26595, CVE-2024-26605, CVE-2024-26639, CVE-2024-26647, CVE-2024-26648, CVE-2024-26656, CVE-2024-26658, CVE-2024-26662, CVE-2024-26672, CVE-2024-26686, CVE-2024-26691, CVE-2024-26699, CVE-2024-26700, CVE-2024-26714, CVE-2024-26718, CVE-2024-26719, CVE-2024-26720, CVE-2024-26726, CVE-2024-26739, CVE-2024-26740, CVE-2024-26742, CVE-2024-26756, CVE-2024-26757, CVE-2024-26758, CVE-2024-26759, CVE-2024-26767, CVE-2024-26770, CVE-2024-26775, CVE-2024-26807, CVE-2024-26822, CVE-2024-26837, CVE-2024-26842, CVE-2024-26844, CVE-2024-26853, CVE-2024-26866, CVE-2024-26869, CVE-2024-26876, CVE-2024-26905, CVE-2024-26928, CVE-2024-26938, CVE-2024-26944, CVE-2024-26945, CVE-2024-26948, CVE-2024-26953, CVE-2024-26954, CVE-2024-26962, CVE-2024-26982, CVE-2024-26983, CVE-2024-27002, CVE-2024-27005, CVE-2024-27010, CVE-2024-27014, CVE-2024-27025, CVE-2024-27032, CVE-2024-27035, CVE-2024-27041, CVE-2024-27056, CVE-2024-27057, CVE-2024-27062, CVE-2024-27072, CVE-2024-27389, CVE-2024-27400, CVE-2024-27402, CVE-2024-27407, CVE-2024-27408, CVE-2024-27418, CVE-2024-27435, CVE-2024-35784, CVE-2024-35790, CVE-2024-35794, CVE-2024-35799, CVE-2024-35801, CVE-2024-35803, CVE-2024-35808, CVE-2024-35826, CVE-2024-35832, CVE-2024-35839, CVE-2024-35843, CVE-2024-35861, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35866, CVE-2024-35867, CVE-2024-35868, CVE-2024-35869, CVE-2024-35870, CVE-2024-35875, CVE-2024-35878, CVE-2024-35887, CVE-2024-35892, CVE-2024-35908, CVE-2024-35920, CVE-2024-35924, CVE-2024-35926, CVE-2024-35928, CVE-2024-35929, CVE-2024-35931, CVE-2024-35932, CVE-2024-35937, CVE-2024-35939, CVE-2024-35941, CVE-2024-35942, CVE-2024-35943, CVE-2024-35945, CVE-2024-35946, CVE-2024-35948, CVE-2024-35949, CVE-2024-35956, CVE-2024-35959, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967, CVE-2024-35971, CVE-2024-35979, CVE-2024-35995, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000, CVE-2024-36003, CVE-2024-36009, CVE-2024-36012, CVE-2024-36013, CVE-2024-36021, CVE-2024-36022, CVE-2024-36024, CVE-2024-36026, CVE-2024-36244, CVE-2024-36478, CVE-2024-36479, CVE-2024-36885, CVE-2024-36893, CVE-2024-36898, CVE-2024-36899, CVE-2024-36900, CVE-2024-36903, CVE-2024-36907, CVE-2024-36908, CVE-2024-36909, CVE-2024-36910, CVE-2024-36911, CVE-2024-36912, CVE-2024-36913, CVE-2024-36914, CVE-2024-36915, CVE-2024-36917, CVE-2024-36918, CVE-2024-36920, CVE-2024-36921, CVE-2024-36922, CVE-2024-36923, CVE-2024-36924, CVE-2024-36927, CVE-2024-36945, CVE-2024-36948, CVE-2024-36949, CVE-2024-36951, CVE-2024-36966, CVE-2024-36970, CVE-2024-37021, CVE-2024-37354, CVE-2024-38306, CVE-2024-38540, CVE-2024-38541, CVE-2024-38543, CVE-2024-38544, CVE-2024-38545, CVE-2024-38553, CVE-2024-38554, CVE-2024-38556, CVE-2024-38557, CVE-2024-38564, CVE-2024-38594, CVE-2024-38608, CVE-2024-38625, CVE-2024-38628, CVE-2024-38632, CVE-2024-39293, CVE-2024-39298, CVE-2024-39463, CVE-2024-39497, CVE-2024-39508, CVE-2024-40900, CVE-2024-40910, CVE-2024-40918, CVE-2024-40953, CVE-2024-40965, CVE-2024-40966, CVE-2024-40969, CVE-2024-40972, CVE-2024-40973, CVE-2024-40975, CVE-2024-40977, CVE-2024-40979, CVE-2024-40982, CVE-2024-40989, CVE-2024-40998, CVE-2024-40999, CVE-2024-41001, CVE-2024-41008, CVE-2024-41013, CVE-2024-41014, CVE-2024-41016, CVE-2024-41023, CVE-2024-41030, CVE-2024-41031, CVE-2024-41036, CVE-2024-41045, CVE-2024-41050, CVE-2024-41062, CVE-2024-41066, CVE-2024-41067, CVE-2024-41069, CVE-2024-41074, CVE-2024-41075, CVE-2024-41079, CVE-2024-41080, CVE-2024-41082, CVE-2024-41088, CVE-2024-42063, CVE-2024-42067, CVE-2024-42091, CVE-2024-42107, CVE-2024-42110, CVE-2024-42116, CVE-2024-42117, CVE-2024-42118, CVE-2024-42122, CVE-2024-42125, CVE-2024-42128, CVE-2024-42129, CVE-2024-42134, CVE-2024-42135, CVE-2024-42139, CVE-2024-42144, CVE-2024-42146, CVE-2024-42147, CVE-2024-42151, CVE-2024-42155, CVE-2024-42226, CVE-2024-42230, CVE-2024-42239, CVE-2024-42252, CVE-2024-42253, CVE-2024-42273, CVE-2024-42291, CVE-2024-42315, CVE-2024-42319, CVE-2024-42320, CVE-2024-42321, CVE-2024-42322, CVE-2024-43819, CVE-2024-43823, CVE-2024-43824, CVE-2024-43831, CVE-2024-43832, CVE-2024-43842, CVE-2024-43844, CVE-2024-43866, CVE-2024-43872, CVE-2024-43895, CVE-2024-43898, CVE-2024-43899, CVE-2024-43900, CVE-2024-43903, CVE-2024-43904, CVE-2024-43906, CVE-2024-43910, CVE-2024-43911, CVE-2024-43912, CVE-2024-43913, CVE-2024-44931, CVE-2024-44938, CVE-2024-44939, CVE-2024-44949, CVE-2024-44950, CVE-2024-44955, CVE-2024-44956, CVE-2024-44957, CVE-2024-44961, CVE-2024-44962, CVE-2024-44963, CVE-2024-44970, CVE-2024-44972, CVE-2024-45010, CVE-2024-45015, CVE-2024-45016, CVE-2024-45017, CVE-2024-46678, CVE-2024-46681, CVE-2024-46695, CVE-2024-46705, CVE-2024-46715, CVE-2024-46716, CVE-2024-46717, CVE-2024-46718, CVE-2024-46720, CVE-2024-46726, CVE-2024-46727, CVE-2024-46728, CVE-2024-46729, CVE-2024-46730, CVE-2024-46733, CVE-2024-46742, CVE-2024-46748, CVE-2024-46749, CVE-2024-46751, CVE-2024-46753, CVE-2024-46754, CVE-2024-46762, CVE-2024-46765, CVE-2024-46770, CVE-2024-46774, CVE-2024-46775, CVE-2024-46776, CVE-2024-46778, CVE-2024-46784, CVE-2024-46787, CVE-2024-46802, CVE-2024-46803, CVE-2024-46806, CVE-2024-46808, CVE-2024-46809, CVE-2024-46811, CVE-2024-46812, CVE-2024-46813, CVE-2024-46816, CVE-2024-46820, CVE-2024-46821, CVE-2024-46823, CVE-2024-46825, CVE-2024-46826, CVE-2024-46827, CVE-2024-46830, CVE-2024-46833, CVE-2024-46834, CVE-2024-46835, CVE-2024-46836, CVE-2024-46841, CVE-2024-46842, CVE-2024-46843, CVE-2024-46848, CVE-2024-46849, CVE-2024-46852, CVE-2024-46853, CVE-2024-46854, CVE-2024-46855, CVE-2024-46857, CVE-2024-46858, CVE-2024-46859, CVE-2024-46860, CVE-2024-46861, CVE-2024-46865, CVE-2024-46870, CVE-2024-46871, CVE-2024-47658, CVE-2024-47661, CVE-2024-47662, CVE-2024-47664, CVE-2024-47666, CVE-2024-47670, CVE-2024-47671, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47678, CVE-2024-47679, CVE-2024-47683, CVE-2024-47684, CVE-2024-47685, CVE-2024-47689, CVE-2024-47690, CVE-2024-47691, CVE-2024-47692, CVE-2024-47693, CVE-2024-47695, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47703, CVE-2024-47704, CVE-2024-47705, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47710, CVE-2024-47712, CVE-2024-47713, CVE-2024-47718, CVE-2024-47720, CVE-2024-47723, CVE-2024-47725, CVE-2024-47726, CVE-2024-47728, CVE-2024-47730, CVE-2024-47734, CVE-2024-47735, CVE-2024-47736, CVE-2024-47737, CVE-2024-47738, CVE-2024-47739, CVE-2024-47740, CVE-2024-47742, CVE-2024-47745, CVE-2024-47747, CVE-2024-47748, CVE-2024-47749, CVE-2024-47755, CVE-2024-47756, CVE-2024-47757, CVE-2024-49851, CVE-2024-49852, CVE-2024-49855, CVE-2024-49856, CVE-2024-49858, CVE-2024-49859, CVE-2024-49860, CVE-2024-49861, CVE-2024-49863, CVE-2024-49866, CVE-2024-49867, CVE-2024-49868, CVE-2024-49870, CVE-2024-49871, CVE-2024-49875, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49880, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49886, CVE-2024-49887, CVE-2024-49888, CVE-2024-49889, CVE-2024-49890, CVE-2024-49891, CVE-2024-49892, CVE-2024-49893, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49897, CVE-2024-49898, CVE-2024-49899, CVE-2024-49900, CVE-2024-49901, CVE-2024-49902, CVE-2024-49903, CVE-2024-49904, CVE-2024-49905, CVE-2024-49906, CVE-2024-49907, CVE-2024-49908, CVE-2024-49909, CVE-2024-49910, CVE-2024-49911, CVE-2024-49912, CVE-2024-49913, CVE-2024-49914, CVE-2024-49915, CVE-2024-49916, CVE-2024-49917, CVE-2024-49918, CVE-2024-49919, CVE-2024-49920, CVE-2024-49921, CVE-2024-49922, CVE-2024-49923, CVE-2024-49924, CVE-2024-49925, CVE-2024-49926, CVE-2024-49927, CVE-2024-49928, CVE-2024-49929, CVE-2024-49930, CVE-2024-49931, CVE-2024-49932, CVE-2024-49933, CVE-2024-49934, CVE-2024-49935, CVE-2024-49936, CVE-2024-49937, CVE-2024-49938, CVE-2024-49939, CVE-2024-49940, CVE-2024-49944, CVE-2024-49945, CVE-2024-49946, CVE-2024-49948, CVE-2024-49949, CVE-2024-49950, CVE-2024-49952, CVE-2024-49954, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49960, CVE-2024-49961, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49967, CVE-2024-49968, CVE-2024-49969, CVE-2024-49970, CVE-2024-49971, CVE-2024-49972, CVE-2024-49973, CVE-2024-49974, CVE-2024-49975, CVE-2024-49977, CVE-2024-49978, CVE-2024-49981, CVE-2024-49982, CVE-2024-49983, CVE-2024-49985, CVE-2024-49987, CVE-2024-49988, CVE-2024-49989, CVE-2024-49990, CVE-2024-49991, CVE-2024-49992, CVE-2024-49993, CVE-2024-49994, CVE-2024-49995, CVE-2024-49996, CVE-2024-49997, CVE-2024-49998, CVE-2024-50000, CVE-2024-50001, CVE-2024-50002, CVE-2024-50003, CVE-2024-50004, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50009, CVE-2024-50010, CVE-2024-50012, CVE-2024-50013, CVE-2024-50014, CVE-2024-50015, CVE-2024-50016, CVE-2024-50017, CVE-2024-50018, CVE-2024-50019, CVE-2024-50024, CVE-2024-50028, CVE-2024-50031, CVE-2024-50033, CVE-2024-50034, CVE-2024-50035, CVE-2024-50036, CVE-2024-50038, CVE-2024-50039, CVE-2024-50040, CVE-2024-50041, CVE-2024-50044, CVE-2024-50045, CVE-2024-50046, CVE-2024-50047, CVE-2024-50048, CVE-2024-50049, CVE-2024-50055, CVE-2024-50056, CVE-2024-50057, CVE-2024-50058, CVE-2024-50059, CVE-2024-50060, CVE-2024-50061, CVE-2024-50062, CVE-2024-50063, CVE-2024-50067, CVE-2024-50072, CVE-2024-50073, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2017-0537, CVE-2017-13165, CVE-2017-13693, CVE-2018-1121, CVE-2018-12928, CVE-2018-12929, CVE-2018-12930, CVE-2018-12931, CVE-2019-14899, CVE-2019-15213, CVE-2019-19378, CVE-2019-19814, CVE-2020-14304, CVE-2020-35501, CVE-2021-26934, CVE-2022-3114, CVE-2022-41848, CVE-2022-44032, CVE-2022-44033, CVE-2022-44034, CVE-2022-45884, CVE-2022-45885, CVE-2022-45888, CVE-2023-33053, CVE-2023-4010, CVE-2023-4133, CVE-2024-0564, CVE-2024-26896, CVE-2024-27011)
      ┗━━━━ /usr/share/doc/linux-libc-dev/copyright
      ┗━━━━ /var/lib/dpkg/info/linux-libc-dev:amd64.md5sums
      ┗━━━━ ...and 963 other locations
    pkg:npm/braces@3.0.2 (CVE-2024-4068)
      ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/braces/package.json
    pkg:npm/ip@2.0.0 (CVE-2024-29415, CVE-2023-42282)
      ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/ip/package.json
    pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3109, CVE-2022-3341, CVE-2022-3964, CVE-2022-48434, CVE-2023-49502, CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51798, CVE-2024-31578, CVE-2024-32230, CVE-2024-7055)
      ┗━━━━ /usr/share/doc/ffmpeg/copyright
      ┗━━━━ /var/lib/dpkg/info/ffmpeg.md5sums
      ┗━━━━ ...and 52 other locations
    pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-4039, CVE-2021-3826, CVE-2021-46195, CVE-2022-27943)
      ┗━━━━ /usr/share/doc/gcc-11-base/copyright
      ┗━━━━ /var/lib/dpkg/info/cpp-11.md5sums
      ┗━━━━ ...and 995 other locations
    pkg:deb/ubuntu/gcc-12@12.3.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-4039, CVE-2022-27943)
      ┗━━━━ /usr/share/doc/gcc-12-base/copyright
      ┗━━━━ /var/lib/dpkg/info/gcc-12-base:amd64.md5sums
      ┗━━━━ ...and 29 other locations
    pkg:deb/ubuntu/intel-mediasdk@22.3.0-1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-45221, CVE-2023-47169, CVE-2023-48368, CVE-2023-22656, CVE-2023-47282)
      ┗━━━━ /usr/share/doc/libmfx1/copyright
      ┗━━━━ /var/lib/dpkg/info/libmfx1:amd64.md5sums
      ┗━━━━ ...and 14 other locations
    pkg:deb/ubuntu/krb5@1.19.2-2ubuntu0.3?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2024-26458, CVE-2024-26461)
      ┗━━━━ /usr/share/doc/libgssapi-krb5-2/copyright
      ┗━━━━ /var/lib/dpkg/info/libgssapi-krb5-2:amd64.md5sums
      ┗━━━━ ...and 19 other locations
    pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-2236)
      ┗━━━━ /usr/share/doc/libgcrypt20/copyright
      ┗━━━━ /var/lib/dpkg/info/libgcrypt20:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/libsndfile@1.0.31-2ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-33064, CVE-2021-4156)
      ┗━━━━ /usr/share/doc/libsndfile1/copyright
      ┗━━━━ /var/lib/dpkg/info/libsndfile1:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/nodejs@18.20.4-1nodesource1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-40735, CVE-2023-5363, CVE-2024-6119, CVE-2019-1563, CVE-2021-23840, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143)
      ┗━━━━ /usr/share/doc/nodejs/copyright
      ┗━━━━ /var/lib/dpkg/info/nodejs.md5sums
      ┗━━━━ ...and 3986 other locations
    pkg:deb/ubuntu/openjpeg2@2.4.0-6ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-39328, CVE-2023-39329, CVE-2019-6988, CVE-2021-29338, CVE-2021-3575)
      ┗━━━━ /usr/share/doc/libopenjp2-7/copyright
      ┗━━━━ /var/lib/dpkg/info/libopenjp2-7:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.16?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-6119, CVE-2024-2511, CVE-2024-41996, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535)
      ┗━━━━ /usr/share/doc/libssl3/copyright
      ┗━━━━ /var/lib/dpkg/info/libssl3:amd64.md5sums
      ┗━━━━ ...and 9 other locations
    pkg:deb/ubuntu/pixman@0.40.0-1ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-37769)
      ┗━━━━ /usr/share/doc/libpixman-1-0/copyright
      ┗━━━━ /var/lib/dpkg/info/libpixman-1-0:amd64.md5sums
      ┗━━━━ ...and 5 other locations
    pkg:npm/got@9.6.0 (CVE-2022-33987)
      ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/got/package.json
    pkg:npm/micromatch@4.0.5 (CVE-2024-4067)
      ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/micromatch/package.json
    pkg:npm/tar@6.2.0 (CVE-2024-28863)
      ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/tar/package.json
    pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-13716, CVE-2018-20657, CVE-2019-1010204, CVE-2022-27943, CVE-2022-48064)
      ┗━━━━ /usr/share/doc/binutils/copyright
      ┗━━━━ /var/lib/dpkg/info/binutils.md5sums
      ┗━━━━ ...and 186 other locations
    pkg:deb/ubuntu/cairo@1.16.0-5ubuntu2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-7475, CVE-2018-18064, CVE-2019-6461)
      ┗━━━━ /usr/share/doc/libcairo-gobject2/copyright
      ┗━━━━ /var/lib/dpkg/info/libcairo-gobject2:amd64.md5sums
      ┗━━━━ ...and 9 other locations
    pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1.2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2016-2781)
      ┗━━━━ /usr/share/doc/coreutils/copyright
      ┗━━━━ /var/lib/dpkg/info/coreutils.md5sums
      ┗━━━━ ...and 110 other locations
    pkg:deb/ubuntu/dbus@1.12.20-2ubuntu4.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-34969)
      ┗━━━━ /usr/share/doc/dbus/copyright
      ┗━━━━ /var/lib/dpkg/info/dbus.conffiles
      ┗━━━━ ...and 35 other locations
    pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.11?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2018-1000021)
      ┗━━━━ /usr/share/doc/git/copyright
      ┗━━━━ /var/lib/dpkg/info/git.conffiles
      ┗━━━━ ...and 94 other locations
    pkg:deb/ubuntu/glibc@2.35-0ubuntu3.8?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2016-20013)
      ┗━━━━ /usr/share/doc/libc-bin/copyright
      ┗━━━━ /var/lib/dpkg/info/libc-bin.conffiles
      ┗━━━━ ...and 816 other locations
    pkg:deb/ubuntu/gnupg2@2.2.27-3ubuntu2.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3219)
      ┗━━━━ /usr/share/doc/dirmngr/copyright
      ┗━━━━ /var/lib/dpkg/info/dirmngr.md5sums
      ┗━━━━ ...and 110 other locations
    pkg:deb/ubuntu/harfbuzz@2.7.4-1ubuntu3.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-25193)
      ┗━━━━ /usr/share/doc/libharfbuzz0b/copyright
      ┗━━━━ /var/lib/dpkg/info/libharfbuzz0b:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/libpng1.6@1.6.37-3build5?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3857)
      ┗━━━━ /usr/share/doc/libpng16-16/copyright
      ┗━━━━ /var/lib/dpkg/info/libpng16-16:amd64.md5sums
      ┗━━━━ ...and 5 other locations
    pkg:deb/ubuntu/ncurses@6.3-2ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-45918, CVE-2023-50495)
      ┗━━━━ /usr/share/doc/libtinfo6/copyright
      ┗━━━━ /var/lib/dpkg/info/libncurses6:amd64.md5sums
      ┗━━━━ ...and 78 other locations
    pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.18?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-41996)
      ┗━━━━ /usr/share/doc/libssl3/copyright
      ┗━━━━ /var/lib/dpkg/info/openssl.conffiles
      ┗━━━━ ...and 8 other locations
    pkg:deb/ubuntu/patch@2.7.6-7build2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2018-6952, CVE-2021-45261)
      ┗━━━━ /usr/share/doc/patch/copyright
      ┗━━━━ /var/lib/dpkg/info/patch.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/pcre2@10.39-3ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-41409)
      ┗━━━━ /usr/share/doc/libpcre2-8-0/copyright
      ┗━━━━ /var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/pcre3@2:8.39-13ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-11164)
      ┗━━━━ /usr/share/doc/libpcre3/copyright
      ┗━━━━ /var/lib/dpkg/info/libpcre3:amd64.md5sums
      ┗━━━━ ...and 5 other locations
    pkg:deb/ubuntu/shadow@1:4.8.1-2ubuntu2.2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-29383)
      ┗━━━━ /usr/share/doc/login/copyright
      ┗━━━━ /var/lib/dpkg/info/login.conffiles
      ┗━━━━ ...and 51 other locations
    pkg:deb/ubuntu/systemd@249.11-0ubuntu3.12?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-7008)
      ┗━━━━ /usr/share/doc/libpam-systemd/copyright
      ┗━━━━ /var/lib/dpkg/info/libpam-systemd:amd64.md5sums
      ┗━━━━ ...and 425 other locations
    pkg:deb/ubuntu/tiff@4.3.0-6ubuntu0.10?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-6716)
      ┗━━━━ /usr/share/doc/libtiff5/copyright
      ┗━━━━ /var/lib/dpkg/info/libtiff5:amd64.md5sums
      ┗━━━━ ...and 4 other locations
    pkg:deb/ubuntu/xdg-utils@1.1.3-4.1ubuntu3~22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-4055)
      ┗━━━━ /usr/share/doc/xdg-utils/copyright
      ┗━━━━ /var/lib/dpkg/info/xdg-utils.md5sums
      ┗━━━━ ...and 13 other locations

Given the vast access a tool like this has; some sort of strategy around reducing these (either via updates/diff modules, or different base images) would be a good shout (or documenting here which have been reviewed + considered not a risk, etc).

Originally created by @Stono on GitHub (Nov 3, 2024). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/2572 ### What would you like to see? This is a bit nebulous but tracking anyway, when running `docker scout` against the image there's a lot of CVEs. The following are from the app directly: ``` APP DIRECTORY vulnerable components: pkg:npm/axios@1.6.8 (CVE-2024-39338) ┗━━━━ /app/server/node_modules/axios/package.json pkg:npm/body-parser@1.20.2 (CVE-2024-45590) ┗━━━━ /app/collector/node_modules/body-parser/package.json ┗━━━━ /app/server/node_modules/body-parser/package.json pkg:npm/fast-xml-parser@4.3.6 (CVE-2024-41818) ┗━━━━ /app/server/node_modules/fast-xml-parser/package.json pkg:npm/path-to-regexp@0.1.7 (CVE-2024-45296) ┗━━━━ /app/collector/node_modules/path-to-regexp/package.json ┗━━━━ /app/server/node_modules/path-to-regexp/package.json pkg:npm/taffydb@2.6.2 (CVE-2019-10790) ┗━━━━ /app/collector/node_modules/protobufjs/cli/node_modules/taffydb/package.json ┗━━━━ /app/server/node_modules/onnx-proto/node_modules/protobufjs/cli/node_modules/taffydb/package.json pkg:npm/ws@8.14.2 (CVE-2024-37890) ┗━━━━ /app/collector/node_modules/ws/package.json pkg:npm/express@4.19.2 (CVE-2024-43796) ┗━━━━ /app/collector/node_modules/express/package.json ┗━━━━ /app/server/node_modules/express/package.json pkg:npm/langchain@0.1.36 (CVE-2024-7774) ┗━━━━ /app/collector/node_modules/langchain/package.json ┗━━━━ /app/server/node_modules/langchain/package.json pkg:npm/langchain@0.2.12 (CVE-2024-7774) ┗━━━━ /app/collector/node_modules/@langchain/community/node_modules/langchain/package.json pkg:npm/send@0.18.0 (CVE-2024-43799) ┗━━━━ /app/collector/node_modules/send/package.json ┗━━━━ /app/server/node_modules/send/package.json pkg:npm/serve-static@1.15.0 (CVE-2024-43800) ┗━━━━ /app/collector/node_modules/serve-static/package.json ┗━━━━ /app/server/node_modules/serve-static/package.json pkg:npm/cookie@0.6.0 (CVE-2024-47764) ┗━━━━ /app/collector/node_modules/cookie/package.json ┗━━━━ /app/server/node_modules/cookie/package.json ``` And the following are from the base image (ubuntu): ``` BASE IMAGE vulnerable components (these won't fail your build): pkg:deb/ubuntu/linux@5.15.0-122.132?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-27397, CVE-2024-38630, CVE-2013-7445, CVE-2015-8553, CVE-2016-8660, CVE-2018-17977, CVE-2018-7191, CVE-2021-3714, CVE-2021-3864, CVE-2021-4095, CVE-2021-47432, CVE-2021-47472, CVE-2021-47599, CVE-2021-47615, CVE-2022-0400, CVE-2022-0480, CVE-2022-0995, CVE-2022-1205, CVE-2022-1247, CVE-2022-25836, CVE-2022-2961, CVE-2022-3238, CVE-2022-3523, CVE-2022-38457, CVE-2022-40133, CVE-2022-4543, CVE-2022-48628, CVE-2022-48633, CVE-2022-48646, CVE-2022-48667, CVE-2022-48668, CVE-2022-48673, CVE-2022-48703, CVE-2022-48706, CVE-2022-48744, CVE-2022-48766, CVE-2022-48771, CVE-2022-48816, CVE-2022-48887, CVE-2022-48893, CVE-2022-48895, CVE-2022-48900, CVE-2022-48929, CVE-2022-48976, CVE-2022-48979, CVE-2022-48990, CVE-2022-48998, CVE-2023-0030, CVE-2023-0160, CVE-2023-1193, CVE-2023-2007, CVE-2023-26242, CVE-2023-31082, CVE-2023-45896, CVE-2023-52452, CVE-2023-52481, CVE-2023-52485, CVE-2023-52508, CVE-2023-52561, CVE-2023-52569, CVE-2023-52572, CVE-2023-52576, CVE-2023-52582, CVE-2023-52586, CVE-2023-52589, CVE-2023-52590, CVE-2023-52591, CVE-2023-52593, CVE-2023-52624, CVE-2023-52625, CVE-2023-52632, CVE-2023-52634, CVE-2023-52648, CVE-2023-52653, CVE-2023-52657, CVE-2023-52660, CVE-2023-52664, CVE-2023-52671, CVE-2023-52673, CVE-2023-52676, CVE-2023-52682, CVE-2023-52700, CVE-2023-52701, CVE-2023-52732, CVE-2023-52737, CVE-2023-52749, CVE-2023-52751, CVE-2023-52757, CVE-2023-52761, CVE-2023-52802, CVE-2023-52812, CVE-2023-52829, CVE-2023-52831, CVE-2023-52837, CVE-2023-52857, CVE-2023-52879, CVE-2023-52888, CVE-2023-52904, CVE-2023-52905, CVE-2023-52911, CVE-2023-52912, CVE-2023-52913, CVE-2023-52916, CVE-2023-52917, CVE-2023-6610, CVE-2024-26595, CVE-2024-26605, CVE-2024-26639, CVE-2024-26647, CVE-2024-26648, CVE-2024-26656, CVE-2024-26658, CVE-2024-26662, CVE-2024-26672, CVE-2024-26686, CVE-2024-26691, CVE-2024-26699, CVE-2024-26700, CVE-2024-26714, CVE-2024-26718, CVE-2024-26719, CVE-2024-26720, CVE-2024-26726, CVE-2024-26739, CVE-2024-26740, CVE-2024-26742, CVE-2024-26756, CVE-2024-26757, CVE-2024-26758, CVE-2024-26759, CVE-2024-26767, CVE-2024-26770, CVE-2024-26775, CVE-2024-26807, CVE-2024-26822, CVE-2024-26837, CVE-2024-26842, CVE-2024-26844, CVE-2024-26853, CVE-2024-26866, CVE-2024-26869, CVE-2024-26876, CVE-2024-26905, CVE-2024-26928, CVE-2024-26938, CVE-2024-26944, CVE-2024-26945, CVE-2024-26948, CVE-2024-26953, CVE-2024-26954, CVE-2024-26962, CVE-2024-26982, CVE-2024-26983, CVE-2024-27002, CVE-2024-27005, CVE-2024-27010, CVE-2024-27014, CVE-2024-27025, CVE-2024-27032, CVE-2024-27035, CVE-2024-27041, CVE-2024-27056, CVE-2024-27057, CVE-2024-27062, CVE-2024-27072, CVE-2024-27389, CVE-2024-27400, CVE-2024-27402, CVE-2024-27407, CVE-2024-27408, CVE-2024-27418, CVE-2024-27435, CVE-2024-35784, CVE-2024-35790, CVE-2024-35794, CVE-2024-35799, CVE-2024-35801, CVE-2024-35803, CVE-2024-35808, CVE-2024-35826, CVE-2024-35832, CVE-2024-35839, CVE-2024-35843, CVE-2024-35861, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35865, CVE-2024-35866, CVE-2024-35867, CVE-2024-35868, CVE-2024-35869, CVE-2024-35870, CVE-2024-35875, CVE-2024-35878, CVE-2024-35887, CVE-2024-35892, CVE-2024-35908, CVE-2024-35920, CVE-2024-35924, CVE-2024-35926, CVE-2024-35928, CVE-2024-35929, CVE-2024-35931, CVE-2024-35932, CVE-2024-35937, CVE-2024-35939, CVE-2024-35941, CVE-2024-35942, CVE-2024-35943, CVE-2024-35945, CVE-2024-35946, CVE-2024-35948, CVE-2024-35949, CVE-2024-35956, CVE-2024-35959, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967, CVE-2024-35971, CVE-2024-35979, CVE-2024-35995, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000, CVE-2024-36003, CVE-2024-36009, CVE-2024-36012, CVE-2024-36013, CVE-2024-36021, CVE-2024-36022, CVE-2024-36024, CVE-2024-36026, CVE-2024-36244, CVE-2024-36478, CVE-2024-36479, CVE-2024-36885, CVE-2024-36893, CVE-2024-36898, CVE-2024-36899, CVE-2024-36900, CVE-2024-36903, CVE-2024-36907, CVE-2024-36908, CVE-2024-36909, CVE-2024-36910, CVE-2024-36911, CVE-2024-36912, CVE-2024-36913, CVE-2024-36914, CVE-2024-36915, CVE-2024-36917, CVE-2024-36918, CVE-2024-36920, CVE-2024-36921, CVE-2024-36922, CVE-2024-36923, CVE-2024-36924, CVE-2024-36927, CVE-2024-36945, CVE-2024-36948, CVE-2024-36949, CVE-2024-36951, CVE-2024-36966, CVE-2024-36970, CVE-2024-37021, CVE-2024-37354, CVE-2024-38306, CVE-2024-38540, CVE-2024-38541, CVE-2024-38543, CVE-2024-38544, CVE-2024-38545, CVE-2024-38553, CVE-2024-38554, CVE-2024-38556, CVE-2024-38557, CVE-2024-38564, CVE-2024-38594, CVE-2024-38608, CVE-2024-38625, CVE-2024-38628, CVE-2024-38632, CVE-2024-39293, CVE-2024-39298, CVE-2024-39463, CVE-2024-39497, CVE-2024-39508, CVE-2024-40900, CVE-2024-40910, CVE-2024-40918, CVE-2024-40953, CVE-2024-40965, CVE-2024-40966, CVE-2024-40969, CVE-2024-40972, CVE-2024-40973, CVE-2024-40975, CVE-2024-40977, CVE-2024-40979, CVE-2024-40982, CVE-2024-40989, CVE-2024-40998, CVE-2024-40999, CVE-2024-41001, CVE-2024-41008, CVE-2024-41013, CVE-2024-41014, CVE-2024-41016, CVE-2024-41023, CVE-2024-41030, CVE-2024-41031, CVE-2024-41036, CVE-2024-41045, CVE-2024-41050, CVE-2024-41062, CVE-2024-41066, CVE-2024-41067, CVE-2024-41069, CVE-2024-41074, CVE-2024-41075, CVE-2024-41079, CVE-2024-41080, CVE-2024-41082, CVE-2024-41088, CVE-2024-42063, CVE-2024-42067, CVE-2024-42091, CVE-2024-42107, CVE-2024-42110, CVE-2024-42116, CVE-2024-42117, CVE-2024-42118, CVE-2024-42122, CVE-2024-42125, CVE-2024-42128, CVE-2024-42129, CVE-2024-42134, CVE-2024-42135, CVE-2024-42139, CVE-2024-42144, CVE-2024-42146, CVE-2024-42147, CVE-2024-42151, CVE-2024-42155, CVE-2024-42226, CVE-2024-42230, CVE-2024-42239, CVE-2024-42252, CVE-2024-42253, CVE-2024-42273, CVE-2024-42291, CVE-2024-42315, CVE-2024-42319, CVE-2024-42320, CVE-2024-42321, CVE-2024-42322, CVE-2024-43819, CVE-2024-43823, CVE-2024-43824, CVE-2024-43831, CVE-2024-43832, CVE-2024-43842, CVE-2024-43844, CVE-2024-43866, CVE-2024-43872, CVE-2024-43895, CVE-2024-43898, CVE-2024-43899, CVE-2024-43900, CVE-2024-43903, CVE-2024-43904, CVE-2024-43906, CVE-2024-43910, CVE-2024-43911, CVE-2024-43912, CVE-2024-43913, CVE-2024-44931, CVE-2024-44938, CVE-2024-44939, CVE-2024-44949, CVE-2024-44950, CVE-2024-44955, CVE-2024-44956, CVE-2024-44957, CVE-2024-44961, CVE-2024-44962, CVE-2024-44963, CVE-2024-44970, CVE-2024-44972, CVE-2024-45010, CVE-2024-45015, CVE-2024-45016, CVE-2024-45017, CVE-2024-46678, CVE-2024-46681, CVE-2024-46695, CVE-2024-46705, CVE-2024-46715, CVE-2024-46716, CVE-2024-46717, CVE-2024-46718, CVE-2024-46720, CVE-2024-46726, CVE-2024-46727, CVE-2024-46728, CVE-2024-46729, CVE-2024-46730, CVE-2024-46733, CVE-2024-46742, CVE-2024-46748, CVE-2024-46749, CVE-2024-46751, CVE-2024-46753, CVE-2024-46754, CVE-2024-46762, CVE-2024-46765, CVE-2024-46770, CVE-2024-46774, CVE-2024-46775, CVE-2024-46776, CVE-2024-46778, CVE-2024-46784, CVE-2024-46787, CVE-2024-46802, CVE-2024-46803, CVE-2024-46806, CVE-2024-46808, CVE-2024-46809, CVE-2024-46811, CVE-2024-46812, CVE-2024-46813, CVE-2024-46816, CVE-2024-46820, CVE-2024-46821, CVE-2024-46823, CVE-2024-46825, CVE-2024-46826, CVE-2024-46827, CVE-2024-46830, CVE-2024-46833, CVE-2024-46834, CVE-2024-46835, CVE-2024-46836, CVE-2024-46841, CVE-2024-46842, CVE-2024-46843, CVE-2024-46848, CVE-2024-46849, CVE-2024-46852, CVE-2024-46853, CVE-2024-46854, CVE-2024-46855, CVE-2024-46857, CVE-2024-46858, CVE-2024-46859, CVE-2024-46860, CVE-2024-46861, CVE-2024-46865, CVE-2024-46870, CVE-2024-46871, CVE-2024-47658, CVE-2024-47661, CVE-2024-47662, CVE-2024-47664, CVE-2024-47666, CVE-2024-47670, CVE-2024-47671, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47678, CVE-2024-47679, CVE-2024-47683, CVE-2024-47684, CVE-2024-47685, CVE-2024-47689, CVE-2024-47690, CVE-2024-47691, CVE-2024-47692, CVE-2024-47693, CVE-2024-47695, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47703, CVE-2024-47704, CVE-2024-47705, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47710, CVE-2024-47712, CVE-2024-47713, CVE-2024-47718, CVE-2024-47720, CVE-2024-47723, CVE-2024-47725, CVE-2024-47726, CVE-2024-47728, CVE-2024-47730, CVE-2024-47734, CVE-2024-47735, CVE-2024-47736, CVE-2024-47737, CVE-2024-47738, CVE-2024-47739, CVE-2024-47740, CVE-2024-47742, CVE-2024-47745, CVE-2024-47747, CVE-2024-47748, CVE-2024-47749, CVE-2024-47755, CVE-2024-47756, CVE-2024-47757, CVE-2024-49851, CVE-2024-49852, CVE-2024-49855, CVE-2024-49856, CVE-2024-49858, CVE-2024-49859, CVE-2024-49860, CVE-2024-49861, CVE-2024-49863, CVE-2024-49866, CVE-2024-49867, CVE-2024-49868, CVE-2024-49870, CVE-2024-49871, CVE-2024-49875, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49880, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49886, CVE-2024-49887, CVE-2024-49888, CVE-2024-49889, CVE-2024-49890, CVE-2024-49891, CVE-2024-49892, CVE-2024-49893, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49897, CVE-2024-49898, CVE-2024-49899, CVE-2024-49900, CVE-2024-49901, CVE-2024-49902, CVE-2024-49903, CVE-2024-49904, CVE-2024-49905, CVE-2024-49906, CVE-2024-49907, CVE-2024-49908, CVE-2024-49909, CVE-2024-49910, CVE-2024-49911, CVE-2024-49912, CVE-2024-49913, CVE-2024-49914, CVE-2024-49915, CVE-2024-49916, CVE-2024-49917, CVE-2024-49918, CVE-2024-49919, CVE-2024-49920, CVE-2024-49921, CVE-2024-49922, CVE-2024-49923, CVE-2024-49924, CVE-2024-49925, CVE-2024-49926, CVE-2024-49927, CVE-2024-49928, CVE-2024-49929, CVE-2024-49930, CVE-2024-49931, CVE-2024-49932, CVE-2024-49933, CVE-2024-49934, CVE-2024-49935, CVE-2024-49936, CVE-2024-49937, CVE-2024-49938, CVE-2024-49939, CVE-2024-49940, CVE-2024-49944, CVE-2024-49945, CVE-2024-49946, CVE-2024-49948, CVE-2024-49949, CVE-2024-49950, CVE-2024-49952, CVE-2024-49954, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49960, CVE-2024-49961, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49967, CVE-2024-49968, CVE-2024-49969, CVE-2024-49970, CVE-2024-49971, CVE-2024-49972, CVE-2024-49973, CVE-2024-49974, CVE-2024-49975, CVE-2024-49977, CVE-2024-49978, CVE-2024-49981, CVE-2024-49982, CVE-2024-49983, CVE-2024-49985, CVE-2024-49987, CVE-2024-49988, CVE-2024-49989, CVE-2024-49990, CVE-2024-49991, CVE-2024-49992, CVE-2024-49993, CVE-2024-49994, CVE-2024-49995, CVE-2024-49996, CVE-2024-49997, CVE-2024-49998, CVE-2024-50000, CVE-2024-50001, CVE-2024-50002, CVE-2024-50003, CVE-2024-50004, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50009, CVE-2024-50010, CVE-2024-50012, CVE-2024-50013, CVE-2024-50014, CVE-2024-50015, CVE-2024-50016, CVE-2024-50017, CVE-2024-50018, CVE-2024-50019, CVE-2024-50024, CVE-2024-50028, CVE-2024-50031, CVE-2024-50033, CVE-2024-50034, CVE-2024-50035, CVE-2024-50036, CVE-2024-50038, CVE-2024-50039, CVE-2024-50040, CVE-2024-50041, CVE-2024-50044, CVE-2024-50045, CVE-2024-50046, CVE-2024-50047, CVE-2024-50048, CVE-2024-50049, CVE-2024-50055, CVE-2024-50056, CVE-2024-50057, CVE-2024-50058, CVE-2024-50059, CVE-2024-50060, CVE-2024-50061, CVE-2024-50062, CVE-2024-50063, CVE-2024-50067, CVE-2024-50072, CVE-2024-50073, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2017-0537, CVE-2017-13165, CVE-2017-13693, CVE-2018-1121, CVE-2018-12928, CVE-2018-12929, CVE-2018-12930, CVE-2018-12931, CVE-2019-14899, CVE-2019-15213, CVE-2019-19378, CVE-2019-19814, CVE-2020-14304, CVE-2020-35501, CVE-2021-26934, CVE-2022-3114, CVE-2022-41848, CVE-2022-44032, CVE-2022-44033, CVE-2022-44034, CVE-2022-45884, CVE-2022-45885, CVE-2022-45888, CVE-2023-33053, CVE-2023-4010, CVE-2023-4133, CVE-2024-0564, CVE-2024-26896, CVE-2024-27011) ┗━━━━ /usr/share/doc/linux-libc-dev/copyright ┗━━━━ /var/lib/dpkg/info/linux-libc-dev:amd64.md5sums ┗━━━━ ...and 963 other locations pkg:npm/braces@3.0.2 (CVE-2024-4068) ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/braces/package.json pkg:npm/ip@2.0.0 (CVE-2024-29415, CVE-2023-42282) ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/ip/package.json pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3109, CVE-2022-3341, CVE-2022-3964, CVE-2022-48434, CVE-2023-49502, CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51798, CVE-2024-31578, CVE-2024-32230, CVE-2024-7055) ┗━━━━ /usr/share/doc/ffmpeg/copyright ┗━━━━ /var/lib/dpkg/info/ffmpeg.md5sums ┗━━━━ ...and 52 other locations pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-4039, CVE-2021-3826, CVE-2021-46195, CVE-2022-27943) ┗━━━━ /usr/share/doc/gcc-11-base/copyright ┗━━━━ /var/lib/dpkg/info/cpp-11.md5sums ┗━━━━ ...and 995 other locations pkg:deb/ubuntu/gcc-12@12.3.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-4039, CVE-2022-27943) ┗━━━━ /usr/share/doc/gcc-12-base/copyright ┗━━━━ /var/lib/dpkg/info/gcc-12-base:amd64.md5sums ┗━━━━ ...and 29 other locations pkg:deb/ubuntu/intel-mediasdk@22.3.0-1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-45221, CVE-2023-47169, CVE-2023-48368, CVE-2023-22656, CVE-2023-47282) ┗━━━━ /usr/share/doc/libmfx1/copyright ┗━━━━ /var/lib/dpkg/info/libmfx1:amd64.md5sums ┗━━━━ ...and 14 other locations pkg:deb/ubuntu/krb5@1.19.2-2ubuntu0.3?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2024-26458, CVE-2024-26461) ┗━━━━ /usr/share/doc/libgssapi-krb5-2/copyright ┗━━━━ /var/lib/dpkg/info/libgssapi-krb5-2:amd64.md5sums ┗━━━━ ...and 19 other locations pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-2236) ┗━━━━ /usr/share/doc/libgcrypt20/copyright ┗━━━━ /var/lib/dpkg/info/libgcrypt20:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/libsndfile@1.0.31-2ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-33064, CVE-2021-4156) ┗━━━━ /usr/share/doc/libsndfile1/copyright ┗━━━━ /var/lib/dpkg/info/libsndfile1:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/nodejs@18.20.4-1nodesource1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-40735, CVE-2023-5363, CVE-2024-6119, CVE-2019-1563, CVE-2021-23840, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143) ┗━━━━ /usr/share/doc/nodejs/copyright ┗━━━━ /var/lib/dpkg/info/nodejs.md5sums ┗━━━━ ...and 3986 other locations pkg:deb/ubuntu/openjpeg2@2.4.0-6ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-39328, CVE-2023-39329, CVE-2019-6988, CVE-2021-29338, CVE-2021-3575) ┗━━━━ /usr/share/doc/libopenjp2-7/copyright ┗━━━━ /var/lib/dpkg/info/libopenjp2-7:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.16?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-6119, CVE-2024-2511, CVE-2024-41996, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535) ┗━━━━ /usr/share/doc/libssl3/copyright ┗━━━━ /var/lib/dpkg/info/libssl3:amd64.md5sums ┗━━━━ ...and 9 other locations pkg:deb/ubuntu/pixman@0.40.0-1ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-37769) ┗━━━━ /usr/share/doc/libpixman-1-0/copyright ┗━━━━ /var/lib/dpkg/info/libpixman-1-0:amd64.md5sums ┗━━━━ ...and 5 other locations pkg:npm/got@9.6.0 (CVE-2022-33987) ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/got/package.json pkg:npm/micromatch@4.0.5 (CVE-2024-4067) ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/micromatch/package.json pkg:npm/tar@6.2.0 (CVE-2024-28863) ┗━━━━ /root/.npm/_npx/3f6d3ce19cc8f028/node_modules/xpm/node_modules/tar/package.json pkg:deb/ubuntu/binutils@2.38-4ubuntu2.6?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-13716, CVE-2018-20657, CVE-2019-1010204, CVE-2022-27943, CVE-2022-48064) ┗━━━━ /usr/share/doc/binutils/copyright ┗━━━━ /var/lib/dpkg/info/binutils.md5sums ┗━━━━ ...and 186 other locations pkg:deb/ubuntu/cairo@1.16.0-5ubuntu2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-7475, CVE-2018-18064, CVE-2019-6461) ┗━━━━ /usr/share/doc/libcairo-gobject2/copyright ┗━━━━ /var/lib/dpkg/info/libcairo-gobject2:amd64.md5sums ┗━━━━ ...and 9 other locations pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1.2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2016-2781) ┗━━━━ /usr/share/doc/coreutils/copyright ┗━━━━ /var/lib/dpkg/info/coreutils.md5sums ┗━━━━ ...and 110 other locations pkg:deb/ubuntu/dbus@1.12.20-2ubuntu4.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-34969) ┗━━━━ /usr/share/doc/dbus/copyright ┗━━━━ /var/lib/dpkg/info/dbus.conffiles ┗━━━━ ...and 35 other locations pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.11?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2018-1000021) ┗━━━━ /usr/share/doc/git/copyright ┗━━━━ /var/lib/dpkg/info/git.conffiles ┗━━━━ ...and 94 other locations pkg:deb/ubuntu/glibc@2.35-0ubuntu3.8?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2016-20013) ┗━━━━ /usr/share/doc/libc-bin/copyright ┗━━━━ /var/lib/dpkg/info/libc-bin.conffiles ┗━━━━ ...and 816 other locations pkg:deb/ubuntu/gnupg2@2.2.27-3ubuntu2.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3219) ┗━━━━ /usr/share/doc/dirmngr/copyright ┗━━━━ /var/lib/dpkg/info/dirmngr.md5sums ┗━━━━ ...and 110 other locations pkg:deb/ubuntu/harfbuzz@2.7.4-1ubuntu3.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-25193) ┗━━━━ /usr/share/doc/libharfbuzz0b/copyright ┗━━━━ /var/lib/dpkg/info/libharfbuzz0b:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/libpng1.6@1.6.37-3build5?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-3857) ┗━━━━ /usr/share/doc/libpng16-16/copyright ┗━━━━ /var/lib/dpkg/info/libpng16-16:amd64.md5sums ┗━━━━ ...and 5 other locations pkg:deb/ubuntu/ncurses@6.3-2ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-45918, CVE-2023-50495) ┗━━━━ /usr/share/doc/libtinfo6/copyright ┗━━━━ /var/lib/dpkg/info/libncurses6:amd64.md5sums ┗━━━━ ...and 78 other locations pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.18?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-41996) ┗━━━━ /usr/share/doc/libssl3/copyright ┗━━━━ /var/lib/dpkg/info/openssl.conffiles ┗━━━━ ...and 8 other locations pkg:deb/ubuntu/patch@2.7.6-7build2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2018-6952, CVE-2021-45261) ┗━━━━ /usr/share/doc/patch/copyright ┗━━━━ /var/lib/dpkg/info/patch.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/pcre2@10.39-3ubuntu0.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-41409) ┗━━━━ /usr/share/doc/libpcre2-8-0/copyright ┗━━━━ /var/lib/dpkg/info/libpcre2-8-0:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/pcre3@2:8.39-13ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2017-11164) ┗━━━━ /usr/share/doc/libpcre3/copyright ┗━━━━ /var/lib/dpkg/info/libpcre3:amd64.md5sums ┗━━━━ ...and 5 other locations pkg:deb/ubuntu/shadow@1:4.8.1-2ubuntu2.2?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-29383) ┗━━━━ /usr/share/doc/login/copyright ┗━━━━ /var/lib/dpkg/info/login.conffiles ┗━━━━ ...and 51 other locations pkg:deb/ubuntu/systemd@249.11-0ubuntu3.12?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2023-7008) ┗━━━━ /usr/share/doc/libpam-systemd/copyright ┗━━━━ /var/lib/dpkg/info/libpam-systemd:amd64.md5sums ┗━━━━ ...and 425 other locations pkg:deb/ubuntu/tiff@4.3.0-6ubuntu0.10?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2024-6716) ┗━━━━ /usr/share/doc/libtiff5/copyright ┗━━━━ /var/lib/dpkg/info/libtiff5:amd64.md5sums ┗━━━━ ...and 4 other locations pkg:deb/ubuntu/xdg-utils@1.1.3-4.1ubuntu3~22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04 (CVE-2022-4055) ┗━━━━ /usr/share/doc/xdg-utils/copyright ┗━━━━ /var/lib/dpkg/info/xdg-utils.md5sums ┗━━━━ ...and 13 other locations ``` Given the vast access a tool like this has; some sort of strategy around reducing these (either via updates/diff modules, or different base images) would be a good shout (or documenting [here](https://github.com/Mintplex-Labs/anything-llm/security) which have been reviewed + considered not a risk, etc).
yindo added the enhancementfeature request labels 2026-02-22 18:25:57 -05:00
yindo closed this issue 2026-02-22 18:25:58 -05:00
Author
Owner

@Stono commented on GitHub (Nov 3, 2024):

Just realised your build has vex files in it 👍

@Stono commented on GitHub (Nov 3, 2024): Just realised your build has vex files in it 👍
yindo changed title from [FEAT]: Tackle vulnerabilities head on to [GH-ISSUE #2572] [FEAT]: Tackle vulnerabilities head on 2026-06-05 14:42:01 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#1667