0.8.0 flagged with CVE-2023-24538 #805

Closed
@perry-mitchell

Description

Hello!

I've been releasing the latest tag on Snowflake (SPCS) and have recently seen that pgvector has been flagged as having CVE-2023-24538.

Seems to be a super old CVE too. Any chance an update might be planned with updated dependencies? I've sent an email to the listed address on the Security tab too. Felt it was acceptable to share in an issue as they're so old.

EDIT: After scanning the image further, these vulnerabilities are present:

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790?s=golang&n=stdlib&t=golang&vr=%3C1.21.11
      Affected range : <1.21.11
      Fixed version  : 1.21.11

    ✗ CRITICAL CVE-2023-24540
      https://scout.docker.com/v/CVE-2023-24540?s=golang&n=stdlib&t=golang&vr=%3C1.19.9
      Affected range : <1.19.9
      Fixed version  : 1.19.9

    ✗ CRITICAL CVE-2023-24538
      https://scout.docker.com/v/CVE-2023-24538?s=golang&n=stdlib&t=golang&vr=%3C1.19.8
      Affected range : <1.19.8
      Fixed version  : 1.19.8
