kube-arangodb 1.3.1 - Security Vulnerabilities

[nnaik25]

We are seeing below vulnerabilities reported for kube-arangodb 1.3.1

[8.5] [CVE-2025-53547] [helm.sh/helm/v3] [v3.17.3]
[8.1] [CVE-2024-36623] [github.com/docker/docker] [v25.0.6+incompatible]
[7.8] [CVE-2025-8941] [libpam0g] [1.5.3-5ubuntu5.5]
[7.8] [CVE-2025-8941] [libpam-runtime] [1.5.3-5ubuntu5.5]
[7.8] [CVE-2025-8941] [libpam-modules] [1.5.3-5ubuntu5.5]
[7.8] [CVE-2025-8941] [libpam-modules-bin] [1.5.3-5ubuntu5.5]
[7.5] [CVE-2025-61725] [stdlib] [v1.24.5]
[7.5] [CVE-2025-61723] [stdlib] [v1.24.5]
[7.5] [CVE-2025-58188] [stdlib] [v1.24.5]
[7.5] [CVE-2025-58187] [stdlib] [v1.24.5]
[7.5] [CVE-2024-41996] [openssl] [3.0.13-0ubuntu3.6]
[7.5] [CVE-2024-41996] [libssl3t64] [3.0.13-0ubuntu3.6]
[7.3] [CVE-2024-25621] [github.com/containerd/containerd] [v1.7.27]
[7.0] [CVE-2025-47907] [stdlib] [v1.24.5]
[6.5] [CVE-2025-55199] [helm.sh/helm/v3] [v3.17.3]
[6.5] [CVE-2025-55198] [helm.sh/helm/v3] [v3.17.3]
[6.5] [CVE-2025-47906] [stdlib] [v1.24.5]
[6.5] [CVE-2024-36621] [github.com/docker/docker] [v25.0.6+incompatible]
[6.5] [CVE-2024-36620] [github.com/docker/docker] [v25.0.6+incompatible]
[6.5] [CVE-2016-2781] [coreutils] [9.4-3ubuntu6.1]
[5.9] [CVE-2024-2236] [libgcrypt20] [1.10.3-2build1]
[5.3] [CVE-2025-61724] [stdlib] [v1.24.5]
[5.3] [CVE-2025-58189] [stdlib] [v1.24.5]
[5.3] [CVE-2025-58186] [stdlib] [v1.24.5]
[5.3] [CVE-2025-58185] [stdlib] [v1.24.5]
[5.3] [CVE-2025-47912] [stdlib] [v1.24.5]
[4.3] [CVE-2025-58183] [stdlib] [v1.24.5]
[4.1] [CVE-2025-45582] [tar] [1.35+dfsg-3build1]
[3.6] [CVE-2024-56433] [passwd] [1:4.13+dfsg1-4ubuntu3.2]
[3.6] [CVE-2024-56433] [login] [1:4.13+dfsg1-4ubuntu3.2]
[3.3] [CVE-2022-3219] [gpgv] [2.4.4-2ubuntu17.3]
[3.3] [CVE-2022-3219] [gpgv] [2.4.4-2ubuntu17.3]
[3.0] [CVE-2025-64329] [github.com/containerd/containerd] [v1.7.27]

Tool used is aqua scan

We are using below docker image

https://hub.docker.com/r/arangodb/kube-arangodb/tags

docker pull arangodb/kube-arangodb:1.3.1

Let me know if any more info is required. Will update this ticket accordingly

[ajanikow]

Hello!

About High:

• stdlib - will be included in the next release, as it has been published after our release.
• Helm is only in the CLI, which we do not use (so we did not see it in the scanners). We will fix it in the next release.

Best Regards,
Adam.

[ajanikow]

Hello!

Helm has not been fixed, as our Scanner did not identify it as an issue (Dependency, but not in use).

We will bump it in the 1.3.2 Release.

Best Regards,
Adam.