-
Our vulnerability scanner found these while scanning the [cube.js](https://github.com/cube-js/cube.js) Docker image. Here is a list of CVEs affecting lodash 3.10.1:
- CVE-2019-10744
- CVE-2021-23…
-
### Describe your feature request
We would like to request a new method in the Nuclei SDK module that allows users to specify targets, templates, and a callback method for execution.
This method s…
-
Hi maintainers, many thanks for writing and providing this authorizer!
We are security-scanning our images and noticed CVE-2023-2976 and CVE-2020-8908 popping up. Both of these have been fixed by h…
-
**Background**: Today we have scanning implemented using [`snyk`](https://github.com/kubernetes/sig-security/blob/main/sig-security-tooling/vulnerability-mgmt/build-time-dependencies.md). It has worke…
-
**Describe the bug**
Multiple High and Critical CVEs found in the tb-node image. Image built from `master` branch and scanned with https://github.com/anchore/grype.
```shell
json …
```
-
This project imports the go module `istio.io/istio` which uses unadorned semver tags rather than the go standard `v` prefixed release tags. The consequence is that `go mod tidy` always replaced the `g…
-
The test script currently does not really check whether any patch-level update that **targets** any critical CVEs is deployed in time.
Furthermore, the standard is a bit vague about whether this pa…
-
**What would you like to be added**:
It would be good to add the `pkg.Source.Name` and `pkg.Source.Digest` information to the matchable product identifiers when using VEX documents to filter out vu…
-
Hello team,
I am writing to you because of the following:
Reviewing past vulnerabilities found in Kaniko, I encountered the Platform One log for hardened containers, and there is a Kaniko repo t…
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…