{ "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi", "issues" : [ { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "govway", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/linkitaly/govway", "fingerprint" : "FALLBACK-3ff4adde", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2026-24515: OsPackageVulnerability\u000a\u000alibexpat: libexpat null pointer dereference\u000a\u000aFor additional help see: **Vulnerability CVE-2026-24515**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|CRITICAL|libexpat|2.7.4-r0|[CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)|\u000a\u000aIn libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-24515\u000aSeverity: CRITICAL\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1409", "severity" : "HIGH", "toString" : "govway(1,0): CVE-2026-24515: : CVE-2026-24515: OsPackageVulnerability\u000a\u000alibexpat: libexpat null pointer dereference\u000a\u000aFor additional help see: **Vulnerability CVE-2026-24515**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|CRITICAL|libexpat|2.7.4-r0|[CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)|\u000a\u000aIn libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-24515\u000aSeverity: CRITICAL\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)", "type" : "CVE-2026-24515" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "govway", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/linkitaly/govway", "fingerprint" : "FALLBACK-1f34d882", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2026-25210: OsPackageVulnerability\u000a\u000alibexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation\u000a\u000aFor additional help see: **Vulnerability CVE-2026-25210**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|libexpat|2.7.4-r0|[CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)|\u000a\u000aIn libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-25210\u000aSeverity: MEDIUM\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1409", "severity" : "NORMAL", "toString" : "govway(1,0): CVE-2026-25210: : CVE-2026-25210: OsPackageVulnerability\u000a\u000alibexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation\u000a\u000aFor additional help see: **Vulnerability CVE-2026-25210**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|libexpat|2.7.4-r0|[CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)|\u000a\u000aIn libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-25210\u000aSeverity: MEDIUM\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)", "type" : "CVE-2026-25210" } ], "size" : 2, "toString" : "2 warnings (high: 1, normal: 1)" }