rabbitmq-topology-operator
PatchedMessaging & Streamingfrom
mirror.gcr.io/rabbitmqoperator/messaging-topology-operatorPull Reference
ghcr.io/verity-org/rabbitmqoperator/messaging-topology-operator
docker pull ghcr.io/verity-org/rabbitmqoperator/messaging-topology-operator
Available Versions
1.19.1latest14 CVEs fixed6 remaining
1.19.024 CVEs fixed6 remaining
1.18.331 CVEs fixed
Copa-Patched Image
Patched in-place from the upstream image usingCopa. OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance detailsSignedSLSA L3SBOMRekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/rabbitmqoperator/messaging-topology-operator:1.19.1
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/rabbitmqoperator/messaging-topology-operator:1.19.1 \ --owner verity-org
Vulnerability Scan
Found 20 vulnerabilities in the original image. 14 fixed by Copa. 6 remaining after patching.
10 HIGH7 MEDIUM3 UNKNOWN
Fix available — pending patch
These vulnerabilities have upstream fixes but could not be automatically patched.
- CVE-2026-25681HIGH
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
- CVE-2026-27136HIGH
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
- CVE-2026-39821HIGH
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
- CVE-2026-25680MEDIUM
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
- CVE-2026-42502MEDIUM
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
- CVE-2026-42506MEDIUM
- Package
- golang.org/x/net
- Installed
- v0.54.0
- Fixed
- 0.55.0
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-25681 | golang.org/x/net | v0.54.0 | 0.55.0 | HIGH |
| CVE-2026-27136 | golang.org/x/net | v0.54.0 | 0.55.0 | HIGH |
| CVE-2026-39821 | golang.org/x/net | v0.54.0 | 0.55.0 | HIGH |
| CVE-2026-25680 | golang.org/x/net | v0.54.0 | 0.55.0 | MEDIUM |
| CVE-2026-42502 | golang.org/x/net | v0.54.0 | 0.55.0 | MEDIUM |
| CVE-2026-42506 | golang.org/x/net | v0.54.0 | 0.55.0 | MEDIUM |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/rabbitmqoperator/messaging-topology-operator
Version
1.19.1