Skip to main content

enterpriseFrontend Security Scan

View Release Notes
Securityv3.9.2Generated 2026-04-28 05:24:20 UTC
Critical
Clean
High
12 found
Scan Date
Apr 28, 2026

Scanner: Docker Scout

Critical vulnerabilities: 0

High vulnerabilities: 5

Medium vulnerabilities: 7

Critical

No critical vulnerabilities found.

High

CVEPackageInstalledFixedDescription
GHSA-q4gf-8mx6-v5v3next16.1.616.2.3GHSA-q4gf-8mx6-v5v3: Allocation of Resources Without Limits or Throttling
CVE-2026-41672xmldom0.8.120.8.13CVE-2026-41672: XML Injection (aka Blind XPath Injection)
CVE-2026-41673xmldom0.8.120.8.13CVE-2026-41673: Uncontrolled Recursion
CVE-2026-41674xmldom0.8.120.8.13CVE-2026-41674: XML Injection (aka Blind XPath Injection)
CVE-2026-41675xmldom0.8.120.8.13CVE-2026-41675: XML Injection (aka Blind XPath Injection)

Medium

CVEPackageInstalledFixedDescription
CVE-2025-25285endpoint9.0.610.1.3CVE-2025-25285: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CVE-2025-25289request-error5.1.16.1.7CVE-2025-25289: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CVE-2026-27978next16.1.616.1.7CVE-2026-27978: Cross-Site Request Forgery (CSRF)
CVE-2026-29057next16.1.616.1.7CVE-2026-29057: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
GHSA-w5hq-g745-h8pquuid8.3.214.0.0GHSA-w5hq-g745-h8pq: Improper Validation of Specified Index, Position, or Offset in Input
CVE-2026-27979next16.1.616.1.7CVE-2026-27979: Allocation of Resources Without Limits or Throttling
CVE-2026-27980next16.1.616.1.7CVE-2026-27980: Uncontrolled Resource Consumption
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.