CLEANSTART-2026-KO23583

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KO23583.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-KO23583
Upstream
  • ghsa-78h2-9frx-2jm8
  • ghsa-92mm-2pjq-r785
  • ghsa-gm2x-2g9h-ccm8
  • ghsa-hfvc-g4fc-pqhx
  • ghsa-jhf3-xxhw-2wpp
  • ghsa-q9hv-hpm4-hj6x
  • ghsa-xmrv-pmrh-hhx2
Published
2026-07-13T07:27:55.350468Z
Modified
2026-07-13T08:45:11.591570377Z
Summary
Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-25934, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-34986, CVE-2026-39883, CVE-2026-4660, ghsa-78h2-9frx-2jm8, ghsa-92mm-2pjq-r785, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-jhf3-xxhw-2wpp, ghsa-q9hv-hpm4-hj6x, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.39.0-r0, 1.39.0-r1, 1.39.0-r2, 1.39.0-r3, 1.42.4-r0
Details

Multiple security vulnerabilities affect the syft package. These issues are resolved in later releases. See references for individual vulnerability details.

References

Affected packages

CleanStart / syft

Package

Name
syft

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.42.4-r0

Database specific

source
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KO23583.json"