-
**Describe the bug**
Since the last update, our jobs have been failing to execute the "Central Analyzer":
```
[ERROR] Could not connect to Central search. Analysis failed.
java.io.IOException: F…
```
-
We don't detect https://nvd.nist.gov/vuln/detail/CVE-2010-3708.
-
We are using the pinot-jdbc-client : 0.12.1 and there are multiple downstream dependencies with serious, known vulnerabilities. We looked, and 0.12.1 is the latest version available. Can you please up…
-
KPL uses
```XML
<dependency>
  <groupId>com.google.protobuf</groupId>
  <artifactId>protobuf-java</artifactId>
  <version>2.6.1</version>
</dependency>
```
Which is the version from Oct 22, 2014.
Anyone using the newer versions (or anythi…
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189 reported by cve-checker.
-
We are currently using `v7.13.0` and saw the `Arbitrary Code Execution` bug that was fixed in `v7.16.3`. This breaks a current workflow we have where in `InteractiveShellApp.exec_lines` we import a bu…
-
See https://hackerone.com/reports/274267 for example
-
### Current Behavior:
CVE-2019-17571 is a new vulnerability that Dependency Track 3.7.1 failed to list as a vulnerability for log4j.
### Steps to Reproduce:
In one of our project log4j versio…
-
### Package URL
pkg:maven/io.netty/netty-handler@4.1.109.Final
### CPE
cpe:2.3:a:netty:netty:4.1.109:*:*:*:*:*:*:*
### CVE
CVE-2023-4586 and sonatype-2020-0026
### ODC Integration
…
-
The underlying version of libexpat packaged in node-expat is most likely vulnerable to the vulnerability documented for libexpat < 2.4.4
- https://nvd.nist.gov/vuln/detail/CVE-2022-23852
- https://g…