Skip to content

Resolve CVEs in third party dependencies and/or triage #163

Open
Open
Resolve CVEs in third party dependencies and/or triage#163
@patrick-stephens

Description

@patrick-stephens
patrick-stephens
opened on Dec 12, 2025

See fluent/fluent-bit#11283

SQLite (v3.45.2) and c-ares (v1.34.4) used by Fluent bit contain multiple CVEs that were fixed in recent versions: SQLite v3.50.3 and c-ares v1.34.6

CVEs

SQLite v3.45.2:

Critical:

https://nvd.nist.gov/vuln/detail/CVE-2025-6965
https://nvd.nist.gov/vuln/detail/CVE-2025-3277
https://nvd.nist.gov/vuln/detail/CVE-2025-29087

High:

https://nvd.nist.gov/vuln/detail/CVE-2025-7709
https://nvd.nist.gov/vuln/detail/CVE-2025-29088

c-ares v1.34.4

High:

https://nvd.nist.gov/vuln/detail/CVE-2025-31498
https://nvd.nist.gov/vuln/detail/CVE-2025-62408

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions