-
# Overview
There's been a couple of high profile compromises of downstream dependencies in the NodeJS ecosystem. We should build security checks for this into our CI process, and fail the build to …
-
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:CVE-2020-14782
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Version*…
-
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:CVE-2020-14781
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Version*…
-
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:CVE-2020-14797
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Version*…
-
Dear GitHub team,
it would be nice, if your security advisories would also be available in the [Common Security Advisory Framework](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html). CSAF sp…
-
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:CVE-2019-2999
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Versio…
-
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:CVE-2019-2949
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Versio…
-
:bug: Originally reported by @farvour in https://github.com/docker/build-push-action/pull/746#issuecomment-1377806123, tracking here since the original issue is about adding attestations fields in doc…
-
Jet uses `org.apache.avro:avro-ipc` in version `1.9.2` which includes `jquery-1.4.2.min.js` which has some vulnerabilities - https://ossindex.sonatype.org/component/pkg:npm/jquery@1.4.2.min (but canno…
-
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:CVE-2021-35564
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Versi…