Request for patching CVEs

Dear Kafdrop maintainers,

Our security scanner finds the following vulnerabilities in our kafdrop-4.2.0 container image.

Is it possible for you to upgrade the dependencies to the fixed versions?

Thank you for providing Kafdrop!


| Vulnerability | Severity | CVSS3 | Package | Current Version | Fixed in version |
| ------------- | -------- | ----- | ------- | --------------- | ---------------- |
| [CVE-2025-41249](https://nvd.nist.gov/vuln/detail/CVE-2025-41249) | High   | NVD: 7.5 | spring-core   | 6.2.9 | 6.2.11 |
| [CVE-2025-41242](https://nvd.nist.gov/vuln/detail/CVE-2025-41242) | Medium | N/A      | spring-webmvc | 6.2.9 | 6.2.10 |
| [CVE-2025-48924](https://nvd.nist.gov/vuln/detail/CVE-2025-48924) | Low    | NVD: 6.5 | org.apache.commons_commons-lang3 | 3.17.0 | 3.18.0 |

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Request for patching CVEs #802

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability	Severity	CVSS3	Package	Current Version	Fixed in version
CVE-2025-41249	High	NVD: 7.5	spring-core	6.2.9	6.2.11
CVE-2025-41242	Medium	N/A	spring-webmvc	6.2.9	6.2.10
CVE-2025-48924	Low	NVD: 6.5	org.apache.commons_commons-lang3	3.17.0	3.18.0

Request for patching CVEs #802

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions