postgres-operator
Patched Databases & Caching
from
ghcr.io/zalando/postgres-operator
Pull Reference
ghcr.io/verity-org/zalando/postgres-operator
docker pull ghcr.io/verity-org/zalando/postgres-operator
Copa-Patched Image
Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance details
Signed
SLSA L3
SBOM
Rekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/zalando/postgres-operator:v1.14.0
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/zalando/postgres-operator:v1.14.0 \ --owner verity-org
Vulnerability Scan
Found 90 vulnerabilit ies in the original image. 56 fixed by Copa. 34 remaining after patching.
3CRITICAL16HIGH63MEDIUM8LOW
Fix available — pending patch
These vulnerabilities have upstream fixes but could not be automatically patched.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2025-68121 | stdlib | v1.23.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | CRITICAL |
| CVE-2025-22869 | golang.org/x/crypto | v0.31.0 | 0.35.0 | HIGH |
| CVE-2025-22868 | golang.org/x/oauth2 | v0.10.0 | 0.27.0 | HIGH |
| CVE-2025-47907 | stdlib | v1.23.4 | 1.23.12, 1.24.6 | HIGH |
| CVE-2025-58183 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | HIGH |
| CVE-2025-61726 | stdlib | v1.23.4 | 1.24.12, 1.25.6 | HIGH |
| CVE-2025-61728 | stdlib | v1.23.4 | 1.24.12, 1.25.6 | HIGH |
| CVE-2025-61729 | stdlib | v1.23.4 | 1.24.11, 1.25.5 | HIGH |
| CVE-2025-47914 | golang.org/x/crypto | v0.31.0 | 0.45.0 | MEDIUM |
| CVE-2025-58181 | golang.org/x/crypto | v0.31.0 | 0.45.0 | MEDIUM |
| CVE-2025-22870 | golang.org/x/net | v0.25.0 | 0.36.0 | MEDIUM |
| CVE-2025-22872 | golang.org/x/net | v0.25.0 | 0.38.0 | MEDIUM |
| CVE-2024-45336 | stdlib | v1.23.4 | 1.22.11, 1.23.5, 1.24.0-rc.2 | MEDIUM |
| CVE-2024-45341 | stdlib | v1.23.4 | 1.22.11, 1.23.5, 1.24.0-rc.2 | MEDIUM |
| CVE-2025-0913 | stdlib | v1.23.4 | 1.23.10, 1.24.4 | MEDIUM |
| CVE-2025-22866 | stdlib | v1.23.4 | 1.22.12, 1.23.6, 1.24.0-rc.3 | MEDIUM |
| CVE-2025-22871 | stdlib | v1.23.4 | 1.23.8, 1.24.2 | MEDIUM |
| CVE-2025-22873 | stdlib | v1.23.4 | 1.23.9, 1.24.3 | MEDIUM |
| CVE-2025-4673 | stdlib | v1.23.4 | 1.23.10, 1.24.4 | MEDIUM |
| CVE-2025-47906 | stdlib | v1.23.4 | 1.23.12, 1.24.6 | MEDIUM |
| CVE-2025-47912 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-58185 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-58186 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-58187 | stdlib | v1.23.4 | 1.24.9, 1.25.3 | MEDIUM |
| CVE-2025-58188 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-58189 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-61723 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-61724 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-61725 | stdlib | v1.23.4 | 1.24.8, 1.25.2 | MEDIUM |
| CVE-2025-61727 | stdlib | v1.23.4 | 1.24.11, 1.25.5 | MEDIUM |
| CVE-2025-61730 | stdlib | v1.23.4 | 1.24.12, 1.25.6 | MEDIUM |
| CVE-2026-25679 | stdlib | v1.23.4 | 1.25.8, 1.26.1 | MEDIUM |
| CVE-2026-27142 | stdlib | v1.23.4 | 1.25.8, 1.26.1 | MEDIUM |
| CVE-2026-27139 | stdlib | v1.23.4 | 1.25.8, 1.26.1 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
ghcr.io/zalando/postgres-operator