Tools / Firezone / Security

Security Deep Dive

Firezone

Security posture and CVE patch evidence from tracked releases.

Back to Tool

15 high-severity dependency CVEs affects macos-client-1.5.16.

Review the dependency vulnerabilities below.

— Signed — SLSA — SBOM ✗ Security policy Weekly cadence · 0d median Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

2/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Unknown

GitHub SBOM API Latest release

—

SECURITY.md Absent

GitHub repository metadata Repository policy

Checked: 22d ago

Release cadence: weekly Present

0d median over recent releases Release history

Latest release: today

Maintainer active Present

Recent commit activity Repository

Last commit: today

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: today

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: today

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: today

5.2/10 Security Score

Dependency Exposure 65 transitive dependency CVEs found in the latest SBOM.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

6d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

1.50 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 30.6/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

6.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

6.9

10%

supply chain risk: 30.64 transitive cves: 0c/15h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 6d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 30.6/100

0 Transitive critical CVEs

0 KEV-transitive CVEs

68% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

2309 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

Still affecting latest (0) All (65)

High 15 Medium 23 Low 4 Unknown 23

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2024-43398	high	—	rexml	3.2.5	macos-client-1.5.16
CVE-2024-47220	high	—	webrick	1.7.0	macos-client-1.5.16
CVE-2025-27610	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-46727	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-59830	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-61770	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-61771	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-61772	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-61919	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-22860	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34230	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34785	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34829	high	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-35611	high	—	addressable	2.8.1	macos-client-1.5.16
CVE-2026-44665	high	—	fast-xml-builder	1.1.5	macos-client-1.5.16
CVE-2024-25126	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2024-35176	medium	—	rexml	3.2.5	macos-client-1.5.16
CVE-2024-39908	medium	—	rexml	3.2.5	macos-client-1.5.16
CVE-2024-41123	medium	—	rexml	3.2.5	macos-client-1.5.16
CVE-2024-41946	medium	—	rexml	3.2.5	macos-client-1.5.16
CVE-2024-49761	medium	—	rexml	3.2.5	macos-client-1.5.16
CVE-2025-14762	medium	—	aws-sdk-s3	1.114.0	macos-client-1.5.16
CVE-2025-25184	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-27111	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-32441	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-61780	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2025-6442	medium	—	webrick	1.7.0	macos-client-1.5.16
CVE-2026-25500	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-25765	medium	—	faraday	1.4.3	macos-client-1.5.16
CVE-2026-26961	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34763	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34786	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34826	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34830	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-34831	medium	—	rack	2.2.7	macos-client-1.5.16
CVE-2026-42184	medium	—	tauri	2.10.2	macos-client-1.5.16
CVE-2026-44664	medium	—	fast-xml-builder	1.1.5	macos-client-1.5.16
GHSA-wrw7-89jp-8q8g	medium	—	glib	0.18.5	macos-client-1.5.16
CVE-2024-26141	low	—	rack	2.2.7	macos-client-1.5.16
CVE-2024-26146	low	—	rack	2.2.7	macos-client-1.5.16
GHSA-2p6r-x3vv-xqm2	low	—	rpassword	7.4.0	macos-client-1.5.16
GHSA-cq8v-f236-94qc	low	—	rand	0.8.5	macos-client-1.5.16
RUSTSEC-2020-0095	unknown	—	difference	2.0.0	macos-client-1.5.16
RUSTSEC-2024-0370	unknown	—	proc-macro-error	1.0.4	macos-client-1.5.16
RUSTSEC-2024-0384	unknown	—	instant	0.1.13	macos-client-1.5.16
RUSTSEC-2024-0411	unknown	—	gdkwayland-sys	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0412	unknown	—	gdk	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0413	unknown	—	atk	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0414	unknown	—	gdkx11-sys	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0415	unknown	—	gtk	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0416	unknown	—	atk-sys	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0417	unknown	—	gdkx11	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0418	unknown	—	gdk-sys	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0419	unknown	—	gtk3-macros	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0420	unknown	—	gtk-sys	0.18.2	macos-client-1.5.16
RUSTSEC-2024-0429	unknown	—	glib	0.18.5	macos-client-1.5.16
RUSTSEC-2024-0436	unknown	—	paste	1.0.15	macos-client-1.5.16
RUSTSEC-2025-0012	unknown	—	backoff	0.4.0	macos-client-1.5.16
RUSTSEC-2025-0057	unknown	—	fxhash	0.2.1	macos-client-1.5.16
RUSTSEC-2025-0075	unknown	—	unic-char-range	0.9.0	macos-client-1.5.16
RUSTSEC-2025-0080	unknown	—	unic-common	0.9.0	macos-client-1.5.16
RUSTSEC-2025-0081	unknown	—	unic-char-property	0.9.0	macos-client-1.5.16
RUSTSEC-2025-0098	unknown	—	unic-ucd-version	0.9.0	macos-client-1.5.16
RUSTSEC-2025-0100	unknown	—	unic-ucd-ident	0.9.0	macos-client-1.5.16
RUSTSEC-2026-0097	unknown	—	rand	0.8.5	macos-client-1.5.16

Showing 65 of 65