Skip to content

🚨 Security: Critical issues in mcp-clickhouse container #360

New issue
New issue
Open
Open
🚨 Security: Critical issues in mcp-clickhouse container#360
Labels
criticalsecuritytrivy
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 2, 2026

🚨 Security Scan Alert

A periodic security scan found critical issues in the container image:

  • Image: ghcr.io/stacklok/dockyard/uvx/mcp-clickhouse:0.2.0
  • Critical vulnerabilities: 3
  • High vulnerabilities: 5
  • Secrets detected: 0

Details

See the Security tab for full details.

Critical Vulnerabilities

  • CVE-2025-15467 in libssl3t64: openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
  • CVE-2025-15467 in openssl: openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
  • CVE-2025-15467 in openssl-provider-legacy: openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

Automated security scan from periodic-security-scan workflow

Metadata

Metadata

Assignees

No one assigned

    Labels

    criticalsecuritytrivy

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions