- Bug
- Resolution: Not a Bug
- 4.19.z, 4.20.0, 4.20
- Quality / Stability / Reliability
- Important
- Rejected
Description of problem:
The following CVEs from ceph require a golang version >= 1.23.7:
- https://bugzilla.redhat.com/show_bug.cgi?id=2333197
- https://bugzilla.redhat.com/show_bug.cgi?id=2342745
- https://bugzilla.redhat.com/show_bug.cgi?id=2348755
- https://bugzilla.redhat.com/show_bug.cgi?id=2353422

IBM (contains more dependencies of dependencies):
Critical:
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337
High:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8986
- https://nvd.nist.gov/vuln/detail/CVE-2025-30204
- https://nvd.nist.gov/vuln/detail/CVE-2025-27152
- https://nvd.nist.gov/vuln/detail/CVE-2025-22869
Medium:
- https://nvd.nist.gov/vuln/detail/CVE-2024-36621

In terms of bugs we're not currently tracked on: we're 2 major releases behind in golang. 1.22.x has 5 CVEs fixed, 1.23.x has 6, and 1.24.x has 2. We will be using a version of golang that was released in July 2024. These are just in golang.

Grafana has several security advisories [1,2] since the release last December, not to mention the numerous transitive and indirect dependencies that they update regularly.
[1] https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/ (1 high, 2 medium)
[2] https://grafana.com/blog/2024/11/12/grafana-security-release-medium-severity-security-fix-for-cve-2024-9476/ (1 medium)

Currently we cannot fix these as the OpenShift golang builder's latest version is 1.23.6. This creates a dependency on the OpenShift build team to upgrade the golang version so we can proceed further.
Actual results:
golang version <=1.23.6
Expected results:
golang version >=1.23.7
Additional info:
We can also help in building if the process is documented somewhere.
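As an added example (not part of this report or of any OpenShift tooling), a small Python check that parses `go version` output from a builder image and tests it against the 1.23.7 minimum the report cites; the builder names and their outputs are constructed, and the version-ordering rules are a simplification of Go's own.

```python
import re

# Minimum toolchain the CVEs in this report require (value taken from the report).
REQUIRED_GO = "go1.23.7"

# Accepts go1.23, go1.23.6, go1.23rc2, go1.24beta1 (bare go1.23 is treated as 1.23.0,
# a simplification of Go's own ordering that is fine for a minimum-patch check).
_VERSION_RE = re.compile(r"^go(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|beta)(\d+))?$")


def parse_go_version(s: str) -> tuple:
    """Turn 'go1.23.6' or a full 'go version go1.23.6 linux/amd64' line into a
    comparable tuple (major, minor, patch, prerelease_rank, prerelease_num).
    Release builds rank above rc/beta builds of the same minor."""
    m = re.search(r"\bgo\d[\w.]*", s)  # skip the 'go version ' prefix if present
    if not m:
        raise ValueError(f"no Go version found in {s!r}")
    mm = _VERSION_RE.match(m.group(0))
    if not mm:
        raise ValueError(f"unrecognised Go version {m.group(0)!r}")
    major, minor, patch, pre, pre_num = mm.groups()
    rank = {"beta": 0, "rc": 1, None: 2}[pre]
    return (int(major), int(minor), int(patch or 0), rank, int(pre_num or 0))


def meets_minimum(found: str, required: str = REQUIRED_GO) -> bool:
    """True if the toolchain version string satisfies the '>= required' rule.
    Caveat: this implements only the single threshold stated in the report; a newer
    minor branch carries its own fixed patch level, which this check does not model."""
    return parse_go_version(found) >= parse_go_version(required)


# Constructed sample (hypothetical builder names): what `go version` reports in each.
SAMPLE_BUILDERS = {
    "builder-current": "go version go1.23.6 linux/amd64",  # the version the report cites
    "builder-required": "go version go1.23.7 linux/amd64",
    "builder-rc": "go version go1.23rc2 linux/amd64",      # prerelease of the same minor
    "builder-old": "go version go1.22.5 linux/amd64",
}


def audit_builders(builders: dict, required: str = REQUIRED_GO) -> dict:
    """Return {builder name: True if it meets the minimum, else False}."""
    return {name: meets_minimum(out, required) for name, out in builders.items()}


if __name__ == "__main__":
    for name, ok in audit_builders(SAMPLE_BUILDERS).items():
        print(f"{name}: {'OK' if ok else 'NEEDS UPGRADE'} (minimum {REQUIRED_GO})")
```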