Open shawngmc opened 1 year ago
Is this a request for help?: No.
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable: Anchore Engine v1.1.0 Scanned via Grype 0.53.1
What happened: The image has 383 vulnerabilities.
What did you expect to happen: Minimal vulnerabilities, if any
Any relevant log output from /var/log/anchore: N/A
What docker images are you using: anchore/anchore-engine:v1.1.0
How to reproduce the issue: grype docker.io/anchore/anchore-engine
Anything else we need to know:
$ grype docker.io/anchore/anchore-engine:v1.1.0 ✔ Vulnerability DB [no update available] ✔ Loaded image ✔ Parsed image ✔ Cataloged packages [553 packages] ✔ Scanned image [383 vulnerabilities] [0027] WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY Twisted 20.3.0 22.10.0rc1 python GHSA-vg46-2rrj-3647 Medium Twisted 20.3.0 22.1 python GHSA-92x2-jw7w-xvvx High Twisted 20.3.0 22.4.0 python GHSA-c2jg-hw38-jrqq High bzip2-libs 1.0.6-26.el8 (won't fix) rpm CVE-2019-12900 Low cryptsetup-libs 2.3.3-4.el8 0:2.3.3-4.el8_5.1 rpm CVE-2021-4122 Medium curl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27776 Medium curl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-22576 Medium curl 7.61.1-22.el8 rpm CVE-2022-35252 Low curl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27774 Medium curl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27782 Medium curl 7.61.1-22.el8 0:7.61.1-22.el8_6.4 rpm CVE-2022-32206 Medium curl 7.61.1-22.el8 0:7.61.1-22.el8_6.4 rpm CVE-2022-32208 Medium cyrus-sasl-lib 2.1.27-5.el8 0:2.1.27-6.el8_5 rpm CVE-2022-24407 High dbus 1:1.12.8-14.el8 rpm CVE-2022-42012 Medium dbus 1:1.12.8-14.el8 rpm CVE-2022-42011 Medium dbus 1:1.12.8-14.el8 (won't fix) rpm CVE-2020-35512 Low dbus 1:1.12.8-14.el8 rpm CVE-2022-42010 Medium dbus-common 1:1.12.8-14.el8 rpm CVE-2022-42012 Medium dbus-common 1:1.12.8-14.el8 rpm CVE-2022-42011 Medium dbus-common 1:1.12.8-14.el8 (won't fix) rpm CVE-2020-35512 Low dbus-common 1:1.12.8-14.el8 rpm CVE-2022-42010 Medium dbus-daemon 1:1.12.8-14.el8 rpm CVE-2022-42012 Medium dbus-daemon 1:1.12.8-14.el8 (won't fix) rpm CVE-2020-35512 Low dbus-daemon 1:1.12.8-14.el8 rpm CVE-2022-42011 Medium dbus-daemon 1:1.12.8-14.el8 rpm CVE-2022-42010 Medium dbus-libs 1:1.12.8-14.el8 (won't fix) rpm CVE-2020-35512 Low dbus-libs 1:1.12.8-14.el8 rpm CVE-2022-42011 Medium dbus-libs 1:1.12.8-14.el8 rpm CVE-2022-42012 Medium dbus-libs 1:1.12.8-14.el8 rpm CVE-2022-42010 Medium dbus-tools 1:1.12.8-14.el8 (won't fix) rpm CVE-2020-35512 Low dbus-tools 1:1.12.8-14.el8 rpm CVE-2022-42011 Medium dbus-tools 1:1.12.8-14.el8 rpm CVE-2022-42012 Medium dbus-tools 1:1.12.8-14.el8 rpm CVE-2022-42010 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-25236 High expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-25315 High expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2021-46143 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2021-45960 Medium expat 2.2.5-4.el8 (won't fix) rpm CVE-2022-23990 Low expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22824 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22823 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-23852 Medium expat 2.2.5-4.el8 rpm CVE-2022-43680 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-25235 High expat 2.2.5-4.el8 0:2.2.5-8.el8_6.3 rpm CVE-2022-40674 High expat 2.2.5-4.el8 0:2.2.5-8.el8_6.2 rpm CVE-2022-25314 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22827 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22825 Medium expat 2.2.5-4.el8 0:2.2.5-8.el8_6.2 rpm CVE-2022-25313 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22822 Medium expat 2.2.5-4.el8 0:2.2.5-4.el8_5.3 rpm CVE-2022-22826 Medium file-libs 5.33-20.el8 (won't fix) rpm CVE-2019-8905 Low file-libs 5.33-20.el8 (won't fix) rpm CVE-2019-8906 Low gdb-gdbserver 8.2-16.el8 rpm CVE-2021-3826 Low github.com/containerd/containerd v1.4.11 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High github.com/containerd/containerd v1.3.4 1.4.12 go-module GHSA-5j5w-g665-5m35 Low github.com/containerd/containerd v1.3.4 1.4.11 go-module GHSA-c2h3-6mxw-7mvq Medium github.com/containerd/containerd v1.3.4 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium github.com/containerd/containerd v1.4.11 1.4.12 go-module GHSA-5j5w-g665-5m35 Low github.com/containerd/containerd v1.4.11 1.5.13 go-module GHSA-5ffw-gxpp-mxpf Medium github.com/containerd/containerd v1.3.4 1.4.8 go-module GHSA-c72p-9xmj-rx3w Medium github.com/containerd/containerd v1.3.4 1.4.13 go-module GHSA-crp2-qrr5-8pq7 High github.com/containerd/containerd v1.3.4 1.3.9 go-module GHSA-36xw-fx78-c5r4 Medium github.com/docker/distribution v2.7.1+incompatible 2.8.0 go-module GHSA-qq97-vm5h-rrhg Low github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2021-21284 Medium github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2018-10892 Medium github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2021-21285 Medium github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2019-13139 High github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2019-5736 High github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2019-16884 High github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2019-13509 High github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible go-module CVE-2020-27534 Medium github.com/gogo/protobuf v1.3.1 1.3.2 go-module GHSA-c3h9-896r-86jm High github.com/hashicorp/go-getter v1.4.1 go-module CVE-2022-29810 Medium github.com/hashicorp/go-getter v1.4.1 1.6.1 go-module GHSA-fcgg-rvwg-jv58 High github.com/hashicorp/go-getter v1.4.1 1.5.11 go-module GHSA-27rq-4943-qcwp Medium github.com/hashicorp/go-getter v1.4.1 go-module CVE-2022-30321 High github.com/hashicorp/go-getter v1.4.1 1.6.1 go-module GHSA-x24g-9w7v-vprh Critical github.com/hashicorp/go-getter v1.4.1 1.6.1 go-module GHSA-cjr4-fv6c-f3mv High github.com/hashicorp/go-getter v1.4.1 go-module CVE-2022-30322 High github.com/hashicorp/go-getter v1.4.1 go-module CVE-2022-30323 High github.com/hashicorp/go-getter v1.4.1 go-module CVE-2022-26945 Critical github.com/hashicorp/go-getter v1.4.1 1.6.1 go-module GHSA-28r2-q6m8-9hpx High github.com/opencontainers/image-spec v1.0.1 1.0.2 go-module GHSA-77vh-xpmg-72qh Low github.com/opencontainers/runc v0.1.1 1.0.0-rc95 go-module GHSA-c3xm-pvg7-gh7r High github.com/opencontainers/runc v0.1.1 1.0.0-rc9 go-module GHSA-fgv8-vj5c-2ppq High github.com/opencontainers/runc v0.1.1 1.0.0-rc3 go-module GHSA-gp4j-w3vj-7299 Medium github.com/opencontainers/runc v0.1.1 1.0.0-rc91 go-module GHSA-g54h-m393-cpwq Low github.com/opencontainers/runc v0.1.1 1.1.2 go-module GHSA-f3fp-gc8g-vw66 Medium github.com/opencontainers/runc v0.1.1 1.0.3 go-module GHSA-v95c-p5hm-xq8f Medium glib2 2.56.4-156.el8 (won't fix) rpm CVE-2018-16428 Low glibc 2.28-164.el8 (won't fix) rpm CVE-2019-1010022 Unknown glibc 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2021-3999 Medium glibc 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23218 Medium glibc 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23219 Medium glibc-common 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23219 Medium glibc-common 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2021-3999 Medium glibc-common 2.28-164.el8 (won't fix) rpm CVE-2019-1010022 Unknown glibc-common 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23218 Medium glibc-langpack-en 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23218 Medium glibc-langpack-en 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2021-3999 Medium glibc-langpack-en 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23219 Medium glibc-langpack-en 2.28-164.el8 (won't fix) rpm CVE-2019-1010022 Unknown glibc-minimal-langpack 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23219 Medium glibc-minimal-langpack 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2022-23218 Medium glibc-minimal-langpack 2.28-164.el8 0:2.28-164.el8_5.3 rpm CVE-2021-3999 Medium glibc-minimal-langpack 2.28-164.el8 (won't fix) rpm CVE-2019-1010022 Unknown gmp 1:6.1.2-10.el8 (won't fix) rpm CVE-2021-43618 Low gnupg2 2.2.20-2.el8 0:2.2.20-3.el8_6 rpm CVE-2022-34903 Medium gnupg2 2.2.20-2.el8 rpm CVE-2022-3219 Low gnutls 3.6.16-4.el8 (won't fix) rpm CVE-2021-4209 Low gnutls 3.6.16-4.el8 0:3.6.16-5.el8_6 rpm CVE-2022-2509 Medium google.golang.org/protobuf v1.24.0 go-module CVE-2015-5237 High google.golang.org/protobuf v1.24.0 go-module CVE-2021-22570 Medium gzip 1.9-12.el8 0:1.9-13.el8_5 rpm CVE-2022-1271 High krb5-libs 1.18.2-14.el8 rpm CVE-2022-42898 High krb5-libs 1.18.2-14.el8 (won't fix) rpm CVE-2020-17049 Medium libarchive 3.3.3-1.el8 (won't fix) rpm CVE-2018-1000879 Low libarchive 3.3.3-1.el8 rpm CVE-2017-14501 Low libarchive 3.3.3-1.el8 0:3.3.3-3.el8_5 rpm CVE-2021-31566 Medium libarchive 3.3.3-1.el8 rpm CVE-2017-14166 Low libarchive 3.3.3-1.el8 0:3.3.3-3.el8_5 rpm CVE-2021-23177 Medium libarchive 3.3.3-1.el8 (won't fix) rpm CVE-2018-1000880 Low libarchive 3.3.3-1.el8 rpm CVE-2022-36227 Low libarchive 3.3.3-1.el8 (won't fix) rpm CVE-2020-21674 Medium libcom_err 1.45.6-2.el8 0:1.45.6-5.el8 rpm CVE-2022-1304 Medium libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27776 Medium libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27774 Medium libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.4 rpm CVE-2022-32206 Medium libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.4 rpm CVE-2022-32208 Medium libcurl 7.61.1-22.el8 rpm CVE-2022-35252 Low libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-22576 Medium libcurl 7.61.1-22.el8 0:7.61.1-22.el8_6.3 rpm CVE-2022-27782 Medium libgcc 8.5.0-4.el8_5 rpm CVE-2022-27943 Low libgcc 8.5.0-4.el8_5 (won't fix) rpm CVE-2018-20657 Low libgcc 8.5.0-4.el8_5 (won't fix) rpm CVE-2021-42694 Medium libgcc 8.5.0-4.el8_5 (won't fix) rpm CVE-2019-14250 Low libgcrypt 1.8.5-6.el8 (won't fix) rpm CVE-2019-12904 Medium libgcrypt 1.8.5-6.el8 0:1.8.5-7.el8_6 rpm CVE-2021-40528 Medium libksba 1.3.5-7.el8 0:1.3.5-8.el8_6 rpm CVE-2022-3515 High libpq 13.3-1.el8_4 0:13.5-1.el8 rpm CVE-2021-23222 Low libslirp 4.4.0-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-3595 Low libslirp 4.4.0-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-3593 Low libslirp 4.4.0-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-3592 Low libslirp 4.4.0-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-3594 Low libsolv 0.7.19-1.el8 rpm CVE-2021-44568 Low libssh 0.9.4-3.el8 0:0.9.6-3.el8 rpm CVE-2021-3634 Low libssh-config 0.9.4-3.el8 0:0.9.6-3.el8 rpm CVE-2021-3634 Low libstdc++ 8.5.0-4.el8_5 rpm CVE-2022-27943 Low libstdc++ 8.5.0-4.el8_5 (won't fix) rpm CVE-2019-14250 Low libstdc++ 8.5.0-4.el8_5 (won't fix) rpm CVE-2018-20657 Low libstdc++ 8.5.0-4.el8_5 (won't fix) rpm CVE-2021-42694 Medium libtasn1 4.13-3.el8 rpm CVE-2021-46848 Medium libtasn1 4.13-3.el8 (won't fix) rpm CVE-2018-1000654 Low libtirpc 1.1.4-5.el8 0:1.1.4-6.el8 rpm CVE-2021-46828 Medium libxml2 2.9.7-9.el8_4.2 0:2.9.7-13.el8_6.1 rpm CVE-2022-29824 Medium libxml2 2.9.7-9.el8_4.2 rpm CVE-2022-40304 Medium libxml2 2.9.7-9.el8_4.2 0:2.9.7-12.el8_5 rpm CVE-2022-23308 Medium libxml2 2.9.7-9.el8_4.2 0:2.9.7-15.el8 rpm CVE-2016-3709 Medium libxml2 2.9.7-9.el8_4.2 rpm CVE-2022-40303 Medium libzstd 1.4.4-1.el8 (won't fix) rpm CVE-2021-24032 Low lz4-libs 1.8.3-3.el8_4 (won't fix) rpm CVE-2019-17543 Medium ncurses-base 6.1-9.20180224.el8 (won't fix) rpm CVE-2021-39537 Medium ncurses-base 6.1-9.20180224.el8 (won't fix) rpm CVE-2018-19217 Low ncurses-base 6.1-9.20180224.el8 (won't fix) rpm CVE-2018-19211 Low ncurses-libs 6.1-9.20180224.el8 (won't fix) rpm CVE-2018-19217 Low ncurses-libs 6.1-9.20180224.el8 (won't fix) rpm CVE-2021-39537 Medium ncurses-libs 6.1-9.20180224.el8 (won't fix) rpm CVE-2018-19211 Low openssl 1:1.1.1k-4.el8 1:1.1.1k-5.el8_5 rpm CVE-2021-3712 Medium openssl 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-1292 Medium openssl 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-2097 Medium openssl 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-2068 Medium openssl 1:1.1.1k-4.el8 1:1.1.1k-6.el8_5 rpm CVE-2022-0778 High openssl-libs 1:1.1.1k-4.el8 1:1.1.1k-5.el8_5 rpm CVE-2021-3712 Medium openssl-libs 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-2068 Medium openssl-libs 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-2097 Medium openssl-libs 1:1.1.1k-4.el8 1:1.1.1k-7.el8_6 rpm CVE-2022-1292 Medium openssl-libs 1:1.1.1k-4.el8 1:1.1.1k-6.el8_5 rpm CVE-2022-0778 High oslo.utils 4.12.0 python CVE-2022-0718 Medium pcre2 10.32-2.el8 0:10.32-3.el8_6 rpm CVE-2022-1586 Medium pip 19.3.1 21.1 python GHSA-5xp3-jfq3-5q8x Medium pip 9.0.3 19.2 python GHSA-gpvv-69j7-gwj8 High pip 9.0.3 21.1 python GHSA-5xp3-jfq3-5q8x Medium pip 21.0.1 21.1 python GHSA-5xp3-jfq3-5q8x Medium platform-python 3.6.8-41.el8 rpm CVE-2020-10735 Medium platform-python 3.6.8-41.el8 rpm CVE-2021-28861 Medium platform-python 3.6.8-41.el8 0:3.6.8-45.el8 rpm CVE-2021-3737 Low platform-python 3.6.8-41.el8 (won't fix) rpm CVE-2019-9674 Low platform-python 3.6.8-41.el8 0:3.6.8-47.el8_6 rpm CVE-2022-0391 Medium platform-python 3.6.8-41.el8 rpm CVE-2007-4559 Medium platform-python 3.6.8-41.el8 0:3.6.8-45.el8 rpm CVE-2021-4189 Medium platform-python 3.6.8-41.el8 rpm CVE-2022-45061 Medium platform-python 3.6.8-41.el8 0:3.6.8-47.el8_6 rpm CVE-2015-20107 Medium platform-python-pip 9.0.3-20.el8 (won't fix) rpm CVE-2018-20225 Low procps-ng 3.3.15-6.el8 (won't fix) rpm CVE-2018-1121 Low protobuf-c 1.3.0-6.el8 rpm CVE-2022-33070 Low python3-libs 3.6.8-41.el8 (won't fix) rpm CVE-2019-9674 Low python3-libs 3.6.8-41.el8 rpm CVE-2020-10735 Medium python3-libs 3.6.8-41.el8 0:3.6.8-45.el8 rpm CVE-2021-3737 Low python3-libs 3.6.8-41.el8 rpm CVE-2021-28861 Medium python3-libs 3.6.8-41.el8 rpm CVE-2007-4559 Medium python3-libs 3.6.8-41.el8 0:3.6.8-45.el8 rpm CVE-2021-4189 Medium python3-libs 3.6.8-41.el8 0:3.6.8-47.el8_6 rpm CVE-2022-0391 Medium python3-libs 3.6.8-41.el8 rpm CVE-2022-45061 Medium python3-libs 3.6.8-41.el8 0:3.6.8-47.el8_6 rpm CVE-2015-20107 Medium python3-libxml2 2.9.7-9.el8_4.2 0:2.9.7-15.el8 rpm CVE-2016-3709 Medium python3-libxml2 2.9.7-9.el8_4.2 0:2.9.7-12.el8_5 rpm CVE-2022-23308 Medium python3-libxml2 2.9.7-9.el8_4.2 rpm CVE-2022-40304 Medium python3-libxml2 2.9.7-9.el8_4.2 0:2.9.7-13.el8_6.1 rpm CVE-2022-29824 Medium python3-libxml2 2.9.7-9.el8_4.2 rpm CVE-2022-40303 Medium python3-pip-wheel 9.0.3-20.el8 (won't fix) rpm CVE-2018-20225 Low python3-rpm 4.14.3-19.el8 rpm CVE-2021-35937 Medium python3-rpm 4.14.3-19.el8 rpm CVE-2021-35938 Medium python3-rpm 4.14.3-19.el8 0:4.14.3-19.el8_5.2 rpm CVE-2021-3521 Medium python3-rpm 4.14.3-19.el8 rpm CVE-2021-35939 Medium python3-unbound 1.7.3-17.el8 rpm CVE-2022-3204 Medium python3-unbound 1.7.3-17.el8 (won't fix) rpm CVE-2019-25033 Medium python3-unbound 1.7.3-17.el8 0:1.16.2-2.el8 rpm CVE-2022-30698 Medium python3-unbound 1.7.3-17.el8 0:1.16.2-2.el8 rpm CVE-2022-30699 Medium python3-unbound 1.7.3-17.el8 (won't fix) rpm CVE-2019-16866 Low python38 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2007-4559 Medium python38 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2020-10735 Medium python38 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2021-28861 Medium python38 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2022-45061 Medium python38-libs 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2022-45061 Medium python38-libs 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2007-4559 Medium python38-libs 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2020-10735 Medium python38-libs 3.8.8-4.module+el8.5.0+12205+a865257a rpm CVE-2021-28861 Medium rpm 4.14.3 python CVE-2021-35939 High rpm 4.14.3 python CVE-2021-35938 High rpm 4.14.3-19.el8 rpm CVE-2021-35937 Medium rpm 4.14.3-19.el8 rpm CVE-2021-35938 Medium rpm 4.14.3-19.el8 rpm CVE-2021-35939 Medium rpm 4.14.3 python CVE-2021-3521 Medium rpm 4.14.3 python CVE-2021-3421 Medium rpm 4.14.3-19.el8 0:4.14.3-19.el8_5.2 rpm CVE-2021-3521 Medium rpm 4.14.3 python CVE-2021-20266 Medium rpm 4.14.3 python CVE-2021-35937 Medium rpm-build-libs 4.14.3-19.el8 rpm CVE-2021-35937 Medium rpm-build-libs 4.14.3-19.el8 rpm CVE-2021-35939 Medium rpm-build-libs 4.14.3-19.el8 rpm CVE-2021-35938 Medium rpm-build-libs 4.14.3-19.el8 0:4.14.3-19.el8_5.2 rpm CVE-2021-3521 Medium rpm-libs 4.14.3-19.el8 rpm CVE-2021-35939 Medium rpm-libs 4.14.3-19.el8 0:4.14.3-19.el8_5.2 rpm CVE-2021-3521 Medium rpm-libs 4.14.3-19.el8 rpm CVE-2021-35937 Medium rpm-libs 4.14.3-19.el8 rpm CVE-2021-35938 Medium runc 1.0.2-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-43784 Low runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30630 Medium runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30631 Medium runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30632 Medium runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-32189 Low runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-41715 Medium runc 1.0.2-1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30629 Low runc 1.0.2-1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-34558 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-1962 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-32148 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-34558 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-41715 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30631 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30630 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-33198 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2021-3114 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-27664 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2020-28362 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-32189 Low skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-2880 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30632 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 (won't fix) rpm CVE-2020-8945 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-1705 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-2879 Medium skopeo 1:1.4.2-0.1.module+el8.5.0+12582+56d94c81 rpm CVE-2022-30629 Low sqlite-libs 3.26.0-15.el8 (won't fix) rpm CVE-2019-19244 Low sqlite-libs 3.26.0-15.el8 0:3.26.0-16.el8_6 rpm CVE-2020-35527 Medium sqlite-libs 3.26.0-15.el8 rpm CVE-2022-35737 Medium sqlite-libs 3.26.0-15.el8 (won't fix) rpm CVE-2019-9936 Low sqlite-libs 3.26.0-15.el8 (won't fix) rpm CVE-2019-9937 Low sqlite-libs 3.26.0-15.el8 0:3.26.0-16.el8_6 rpm CVE-2020-35525 Low systemd 239-51.el8 (won't fix) rpm CVE-2021-3997 Medium systemd 239-51.el8 0:239-58.el8_6.4 rpm CVE-2022-2526 High systemd 239-51.el8 (won't fix) rpm CVE-2018-20839 Medium systemd 239-51.el8 rpm CVE-2022-3821 Medium systemd-libs 239-51.el8 (won't fix) rpm CVE-2018-20839 Medium systemd-libs 239-51.el8 rpm CVE-2022-3821 Medium systemd-libs 239-51.el8 0:239-58.el8_6.4 rpm CVE-2022-2526 High systemd-libs 239-51.el8 (won't fix) rpm CVE-2021-3997 Medium systemd-pam 239-51.el8 (won't fix) rpm CVE-2018-20839 Medium systemd-pam 239-51.el8 (won't fix) rpm CVE-2021-3997 Medium systemd-pam 239-51.el8 0:239-58.el8_6.4 rpm CVE-2022-2526 High systemd-pam 239-51.el8 rpm CVE-2022-3821 Medium tar 2:1.30-5.el8 (won't fix) rpm CVE-2005-2541 Medium tar 2:1.30-5.el8 (won't fix) rpm CVE-2019-9923 Low tar 2:1.30-5.el8 (won't fix) rpm CVE-2021-20193 Medium unbound-libs 1.7.3-17.el8 (won't fix) rpm CVE-2019-16866 Low unbound-libs 1.7.3-17.el8 0:1.16.2-2.el8 rpm CVE-2022-30698 Medium unbound-libs 1.7.3-17.el8 0:1.16.2-2.el8 rpm CVE-2022-30699 Medium unbound-libs 1.7.3-17.el8 (won't fix) rpm CVE-2019-25033 Medium unbound-libs 1.7.3-17.el8 rpm CVE-2022-3204 Medium urllib3 1.24.2 python CVE-2019-11236 Medium urllib3 1.24.2 python CVE-2021-33503 High urllib3 1.24.2 1.24.3 python GHSA-r64q-w8jr-g9qp Medium urllib3 1.24.2 1.25.9 python GHSA-wqvq-5m8c-6g24 Medium urllib3 1.24.2 python CVE-2020-26137 Medium vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.13 rpm CVE-2022-1154 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2126 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3256 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2286 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2175 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2819 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0361 Medium vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2021-3974 Low vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2021-46059 Unknown vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3235 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3296 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2206 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2287 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0261 Medium vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2022-1619 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2345 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2923 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3037 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2946 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2125 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2980 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2849 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0359 Medium vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0392 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3705 Low vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2021-3927 Low vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2021-4166 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.4 rpm CVE-2021-4192 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2284 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0318 Medium vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2022-1720 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2124 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.12 rpm CVE-2022-0413 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2845 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3352 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.4 rpm CVE-2021-4193 Medium vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.4 rpm CVE-2021-3984 Medium vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-19.el8_6.4 rpm CVE-2022-1785 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2207 Low vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2022-0351 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-19.el8_6.4 rpm CVE-2022-1927 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2208 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3153 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-19.el8_6.4 rpm CVE-2022-1897 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2344 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2285 Low vim-minimal 2:8.0.1763-16.el8 (won't fix) rpm CVE-2018-20786 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2343 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.4 rpm CVE-2021-3872 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2129 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2182 Low vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-3234 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-19.el8_6.2 rpm CVE-2022-1629 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2183 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-19.el8_6.2 rpm CVE-2022-1621 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2522 Low vim-minimal 2:8.0.1763-16.el8 2:8.0.1763-16.el8_5.4 rpm CVE-2021-4019 Medium vim-minimal 2:8.0.1763-16.el8 rpm CVE-2022-2210 Low xz-libs 5.2.4-3.el8 0:5.2.4-4.el8_6 rpm CVE-2022-1271 High zlib 1.2.11-17.el8 0:1.2.11-18.el8_5 rpm CVE-2018-25032 High zlib 1.2.11-17.el8 0:1.2.11-19.el8_6 rpm CVE-2022-37434 Medium
Is this a request for help?: No.
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable: Anchore Engine v1.1.0 Scanned via Grype 0.53.1
What happened: The image has 383 vulnerabilities.
What did you expect to happen: Minimal vulnerabilities, if any
Any relevant log output from /var/log/anchore: N/A
What docker images are you using: anchore/anchore-engine:v1.1.0
How to reproduce the issue: grype docker.io/anchore/anchore-engine
Anything else we need to know: