🚨 Security: Critical issues in mcp-server-neon container

[github-actions]

🚨 Security Scan Alert

A periodic security scan found critical issues in the container image:

• Image: ghcr.io/stacklok/dockyard/npx/mcp-server-neon:0.6.5
• Critical vulnerabilities: 4
• High vulnerabilities: 39
• Secrets detected: 0

Details

See the Security tab for full details.

Critical Vulnerabilities

• CVE-2025-15467 in libcrypto3: openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
• CVE-2025-15467 in libssl3: openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
• CVE-2026-22184 in zlib: zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility
• CVE-2025-55182 in next: next: React Server Components: Pre-authentication remote code execution via unsafe deserialization

---

Automated security scan from periodic-security-scan workflow

[github-actions]

Updated Scan Results

🚨 Security Scan Alert

A periodic security scan found critical issues in the container image:

• Image: ghcr.io/stacklok/dockyard/npx/mcp-server-neon:0.6.5
• Critical vulnerabilities: 2
• High vulnerabilities: 32
• Secrets detected: 0

Details

See the Security tab for full details.

Critical Vulnerabilities

• CVE-2026-22184 in zlib: zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility
• CVE-2025-55182 in next: next: React Server Components: Pre-authentication remote code execution via unsafe deserialization

---

Automated security scan from periodic-security-scan workflow