[sph]

Copied from the defectdojo report (generated on an Elixir 1.19 app on ubuntu noble base image from February 2026):

  Critical CVE-2025-32433 in erlang:27.3
  Critical CVE-2026-28808 in erlang:27.3   
  High CVE-2026-23941 in erlang:27.3 
  High CVE-2026-32144 in erlang:27.3   
  High CVE-2025-48041 in erlang:27.3   
  High CVE-2025-68973 in gpgv:2.4.4-2ubuntu17   
  High CVE-2025-30211 in erlang:27.3
  High CVE-2025-68973 GPGV 2.4.4-2ubuntu17

All these seem to be fixed by upgrading to latest ubuntu image + Erlang/OTP 28.5

[pdimitar]

Thank you. The problem with new OTP releases is that usually there's a X.0.1 release shortly after because something was broken. At least it was that way with 28. I'll wait a few weeks.