Patch CVEs on Alpine Linux
StackPatch indexes the Alpine secdb (secdb.alpinelinux.org) for 5 Alpine Linux releases: v3.21 · v3.20 · v3.19 · v3.18 · edge. The workflow below shows the exact apk commands to detect, remediate, and verify a CVE.
5-second free check
curl https://mindsparkstack.com/scan.sh | bash
On Alpine Linux the agent uses apk info -v to enumerate installed packages, then matches against secdb.alpinelinux.org via the StackPatch matcher API. Source as plain text.
Manual workflow
1. Enumerate installed packages
apk info -v | head -200
2. Look up an example CVE
CVE-2022-0778 — affects
opensslon Alpine Linux. Each CVE page shows the exact fixed_version per release.3. Upgrade with apk
apk update && apk add --upgrade <package>
4. Verify the version landed
Re-run the quickscan, or use the per-package check listed above.
Alpine Linux-specific notes
- • Alpine packages have a -rN revision suffix; comparison is base-version + revision.
- • Alpine is the default base for many official Docker images (node:alpine, python:alpine).
- • Alpine secdb is a single per-release JSON; updates daily.
Other distros
Continuous monitoring across all your Alpine Linux servers
Hourly inventory + matcher + email/webhook alerts + public audit URL per server. $99 lifetime, 50 founder seats. Works on every Alpine Linux release listed above.