prometheus-node-exporter

Patched

Monitoring & Observability from quay.io/prometheus/node-exporter

Pull Reference

ghcr.io/verity-org/prometheus/node-exporter

docker pull ghcr.io/verity-org/prometheus/node-exporter

Copa-Patched Image

Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.

Supply Chain

Full compliance details

Signed SLSA L3 SBOM Rekor

Verify this artifact

Cosign signature

cosign verify \
  --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ghcr.io/verity-org/prometheus/node-exporter:v1.10.2

Build provenance

gh attestation verify \
  oci://ghcr.io/verity-org/prometheus/node-exporter:v1.10.2 \
  --owner verity-org

Vulnerability Scan

Found 12 vulnerabilit ies — none have upstream fixes available.

1CRITICAL4HIGH6MEDIUM1LOW

Fix available — pending patch

These vulnerabilities have upstream fixes but could not be automatically patched.

ID	Package	Installed	Fixed	Severity
CVE-2025-68121	stdlib	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	CRITICAL
CVE-2025-52881	github.com/opencontainers/selinux	v1.12.0	1.13.0	HIGH
CVE-2025-61726	stdlib	v1.25.3	1.24.12, 1.25.6	HIGH
CVE-2025-61728	stdlib	v1.25.3	1.24.12, 1.25.6	HIGH
CVE-2025-61729	stdlib	v1.25.3	1.24.11, 1.25.5	HIGH
CVE-2025-47914	golang.org/x/crypto	v0.42.0	0.45.0	MEDIUM
CVE-2025-58181	golang.org/x/crypto	v0.42.0	0.45.0	MEDIUM
CVE-2025-61727	stdlib	v1.25.3	1.24.11, 1.25.5	MEDIUM
CVE-2025-61730	stdlib	v1.25.3	1.24.12, 1.25.6	MEDIUM
CVE-2026-25679	stdlib	v1.25.3	1.25.8, 1.26.1	MEDIUM
CVE-2026-27142	stdlib	v1.25.3	1.25.8, 1.26.1	MEDIUM
CVE-2026-27139	stdlib	v1.25.3	1.25.8, 1.26.1	LOW

Source

Copa (in-place patch)

Platforms

linux/amd64, linux/arm64

Registry

ghcr.io/verity-org

Upstream

quay.io/prometheus/node-exporter