-
I noticed that the script whitelists Cloudflare, Bing, Yandex and Google but ignores Yahoo. Seems like an oversight.
-
### Description
We use a security-scanner to automatically detect security-problems.
The scanner complained about the following:
Relative URLs can be dangerous since browser may not determine the …
-
We're seeing these reported in the 0.8.16 image.
![image](https://github.com/kubernetes/node-problem-detector/assets/25887678/07c3846b-c200-498d-baa0-10f0bbae8890)
-
Hi!
We're very happy with the `composer audit` command introduced in Composer 2.4! It helps us a lot in keeping our code secure.
What would be even better is a better integration with our CI pro…
-
## Describe the bug
go-vulnerability-scan is failing CI
## Steps to reproduce
Run CI
## Expected behavior
go-vulnerability-scan passes
## Actual behavior
go-vulnerability-scan fails
ht…
-
Scanning an image with version of OpenSSL 1.1.1k-27 (which is vulnerable) doesn't report it as so although our OVAL file is correctly set.
**Reproducer:**
```
sudo docker run -ti mcr.microsoft.…
```
-
Review the [NIH Infosec Policy Handbook](https://app.zenhub.com/files/139095537/abc45acd-25d3-458d-920a-ff9f58a7fb7c/download) to answer the following questions:
What does a vulnerability scan repor…
-
When is the next release of caddy planned? Given the recent fixes merged for the http2 ddos, we're eager to update via the main channels (e.g. caddy-builder) without changing our pipelines to build fro…
-
**GWT version:** 2.8.2 and 2.10.0
##### Description
Our dependency check report is reporting CVE for our project using gwt, because gwt-servlet depends on protobuf-java 2.5.0.
I found si…
-
# quay.io/solo-io/kubectl:1.13.37
No Vulnerabilities Found for quay.io/solo-io/kubectl:1.13.37 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/kubectl
Vulnerability ID|Package|Severity|…