-
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches.
See the module entry in go.mod: https://github.com/aquasecurity/trivy-operator/…
-
## Is your feature request related to a problem?
Original Issue: https://github.com/cnrancher/hangar/issues/15
Split the **container image CVE scanning & SBOM outputs** functionality into this s…
-
### What happened?
```
2024-05-13
Problem:
--------
These symptoms seem to hint at one or more bugs.
There's a mismatch between the octet order in both the IPv4 and IPv6 addresses
added…
```
-
**Expected behavior and actual behavior:**
Expected: when using a CVE ID, e.g. `CVE-2022-42889`, while exporting a CVE list, I expect only projects to be exported which have the CVE I used for filter…
-
We build a container image based on this project, and AWS Inspector is showing quite a few HIGH findings, all centered around golang generally, and many of them involving `net` and `grpc` specifically…
-
### SY0-701 Topic Areas
- General Security Concepts: 12%
- Threats, Vulnerabilities, and Mitigations: 22%
- Sich…
-
**What happened**:
Scan a container that has only python3-lxml-4.7.1-150200.3.10.1.x86_64 installed, then, get the following: CVE-2022-2309
```
lxml 4.7.1…
```
-
Hi, I'd like to ask if it's possible for a new release of this tool be made with the version constraint on **tqdm** relaxed?
Unfortunately there is this (admittedly innocuous) vulnerability [CVE-20…
-
Following is an updated report from an image scanner. You have replied here https://github.com/Redocly/redoc/issues/2481 on CVE-2023-43787 but there are two new issues: CVE-2023-52425 and CVE-2024-25…
-
### What would you like to be added?
CVE-2023-45288 / [GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687) was recently published. We need to:
### Go version bump
- [x] main: #17707
- [x] re…