publicWagsHome
/
amcrest2mqtt
mirror of https://github.com/dchesterton/amcrest2mqtt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dependabot/github_actions/docker/setup-buildx-action-2.5.0
dependabot/pip/python-slugify-8.0.1
dependabot/github_actions/docker/build-push-action-4.0.0
dependabot/github_actions/docker/setup-qemu-action-2.1.0
dependabot/github_actions/docker/login-action-2.1.0
main
1.0.16
1.0.15
1.0.14
1.0.13
1.0.12
1.0.11
1.0.10
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c0588bdd4'
${ noResults }
amcrest2mqtt/.trivyignore

35 lines
1.9 KiB
Plaintext
Raw Blame History

# =============================================================================
# System Libraries - Waiting for upstream fixes in python:3.14-slim base image
# =============================================================================
# glibc vulnerabilities - system library, waiting for Debian/Python base image updates
CVE-2026-0861 # glibc: Integer overflow in memalign leads to heap corruption
CVE-2026-0915 # glibc: Information disclosure via zero-valued network query
# libtasn1 - system library dependency, not directly used by amcrest2mqtt
CVE-2025-13151 # libtasn1: DoS via stack-based buffer overflow in asn1_expend_octet_string
# =============================================================================
# curl - Pulled in as system dependency but specific vulnerable features not used
# =============================================================================
# amcrest2mqtt uses Python requests library for HTTP, not curl directly
# These CVEs relate to curl features (SSH, OAuth2, LDAP, cert pinning) not used by this app
CVE-2025-15224 # curl: SSH/SCP/SFTP transfers - not used
CVE-2025-15079 # curl: SSH transfers with specific options - not used
CVE-2025-14819 # curl: TLS with reused easy/multi handles - not used
CVE-2025-14524 # curl: OAuth2 bearer tokens - not used
CVE-2025-14017 # curl: Multi-threaded LDAPS transfers - not used
CVE-2025-13034 # curl: CURLOPT_PINNEDPUBLICKEY option - not used
# =============================================================================
# Other system dependencies not used by application
# =============================================================================
# OpenLDAP - not used by amcrest2mqtt (connects to Amcrest cameras and MQTT only)
CVE-2026-22185 # OpenLDAP LMDB: DoS and Info Disclosure via Heap Buffer Underflow
# libexpat is only pulled in via apt-get install git during build.
# It is not used in the final runtime image or by amcrest2mqtt at all.
CVE-2025-59375
Reference in New Issue View Git Blame Copy Permalink