CVEs in latest gitlab-runner image

stroup12 · October 9, 2025, 12:20pm

Problem to solve

Trivy image scanner is flagging the following CVEs for alpine-v18.3.1

CVE-2025-22868 type: Gobinary package: The Go Programming Language version: v0.18.0 fix version: 0.27.0

CVE-2025-46334 type: alpine package: git version: 2.49.0-r0 fix version: 2.49.1-r0

CVE-2025-46334 type: alpine package: git-init-template version: 2.49.0-r0 fix version: 2.49.1-r0

CVE-2025-47907 type: Gobinary package: stdlib version: 1.24.4 fix version: 1.24.6
CVE-2025-48384 type: Alpine package: git version: 2.49.0-r0 fix version: 2.49.1-r0

CVE-2025-48384 type: alpine package: git-init-template version: 2.49.0-r0 fix version: 2.49.1-r0

CVE-2025-48385 type: Alpine package: git version: 2.49.0-r0 fix version: 2.49.1-r0

CVE-2025-48385 type: alpine package: git-init-template version: 2.49.0-r0 fix version: 2.49.1-r0

Steps to reproduce

ran trivy scanner with latest trivy db on the image

Configuration

n/a

Versions

self-hosted runners

Versions

radek.kujawa · October 17, 2025, 7:38pm

Any updates?

Topic		Replies	Views
GitLab 15.7.3 version : security vulnerabilities fixing Community	2	423	February 8, 2023
GitLab 14.1.0 version: Approach to fixing security vulnerabilities Community	2	463	January 6, 2023
Gitlab-CE Omnibus 8.10.0, ClamAV finding Xml.Exploit.CVE_2013_3860-1 How to Use GitLab	2	1565	July 27, 2016
ERROR: Preparation failed: Unable to load image: gitlab-runner-prebuilt Infrastructure as Code & Cloud Native runner , kubernetes	5	3188	May 4, 2020
GitLab 15.8.1 (Helm Chart 6.8.1) version: Third party images vulnerabilities fixing Community	3	787	February 10, 2023

CVEs in latest gitlab-runner image

Steps to reproduce

Configuration

Versions

Related topics