🛡️ Security Scan Report

Trivy Vulnerability & Secret Scanner
Service: ait-mongo-service
Branch: feature/mail-id-testing
Build: #251
Date: 2026-06-24 12:20:34

0

Critical

3

High

2

Medium

0

Low

0

Secrets

1

Misconfig

🔴 Vulnerabilities (4)
SeverityCVE IDPackageInstalledFixed InDescription
HIGH CVE-2025-4565 protobuf 5.27.2 4.25.8, 5.29.5, 6.31.1 python-protobuf: Unbounded recursion in Python Protobuf
HIGH CVE-2026-0994 protobuf 5.27.2 6.33.5, 5.29.6 python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
MEDIUM CVE-2026-28684 python-dotenv 1.1.1 1.2.2 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
MEDIUM CVE-2026-25645 requests 2.32.4 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation
🔑 Secrets (0)
TypeFileLineMatch
✅ No secrets found
⚙️ Misconfigurations (1)
SeverityIDCheckFileMessage
HIGH DS002 Image user should not be 'root' Dockerfile Specify at least 1 USER command in Dockerfile with non-root user as argument
📄 Raw JSON Report (click to expand)