The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
This looks like one of those days where vendors wind up marked as UNKNOWN, which I thought was fixed by the recent changes to the OSV parsing of linked issues. So I'm not sure what's going on here.
@mastersans and @inosmeet -- if these are blocking you from continuing to work / get PRs merged, please go ahead and make a PR that moves those 24 tests into the network-mayfail github actions job and we'll sort them out later.
This looks like one of those days where vendors wind up marked as UNKNOWN, which I thought was fixed by the recent changes to the OSV parsing of linked issues. So I'm not sure what's going on here.
@mastersans and @inosmeet -- if these are blocking you from continuing to work / get PRs merged, please go ahead and make a PR that moves those 24 tests into the network-mayfail github actions job and we'll sort them out later.