Only the exit code from the final command in this RUN instruction will be evaluated unless 'pipefail' is set.

Detected docker image with no explicit version attached.

Insecure dependency golang/github.com/mholt/archiver/v3@v3.5.1 (CVE-2024-0406: mholt/archiver: path traversal vulnerability) (no fix available)

Insecure dependency golang/github.com/mholt/archiver/v3@v3.5.1 (CVE-2025-3445: mholt/archiver: A Path Traversal "Zip Slip" vulnerability in mholt/archiver) (no fix available)

Insecure dependency golang/github.com/nwaples/rardecode@v1.1.2 (CVE-2025-11579: github.com/nwaples/rardecode: RarDecode Out Of Memory Crash) (no fix available)

Detected file permissions that are set to more than `0600` (user/owner can read and write). Setting file permissions to higher than `0600` is most likely unnecessary and violates the principle of least privilege.

The application was found setting directory permissions to overly permissive values.

Insecure dependency npm/react-server-dom-webpack@19.0.0 (CVE-2025-55183: next: React Server Components: Source code exposure through crafted HTTP request) (update to 19.0.2)

Insecure dependency npm/react-server-dom-webpack@19.0.0 (CVE-2025-55184: next: React Server Components: Denial of Service via unsafe HTTP deserialization) (update to 19.0.2)

Insecure dependency npm/react-server-dom-webpack@19.0.0 (CVE-2026-23864: React Server Components have multiple Denial of Service Vulnerabilities) (update to 19.0.4)

Insecure dependency npm/qs@6.5.5 (CVE-2025-15284: qs: qs: Denial of Service via improper input validation in array parsing) (update to 6.14.1)

Insecure dependency npm/request@2.88.2 (CVE-2023-28155: request: bypass of SSRF mitigations when following a cross-protocol redirect) (no fix available)

Insecure dependency npm/tough-cookie@2.5.0 (CVE-2023-26136: tough-cookie: prototype pollution in cookie memstore) (update to 4.1.3)

Insecure dependency npm/xml2js@0.4.23 (CVE-2023-0842: node-xml2js: xml2js is vulnerable to prototype pollution) (update to 0.5.0)