Is this a bug report or feature request?
Deviation from expected behavior:
docker scout cves rook/ceph:master|grep jinja
i New version 1.15.1 available (installed version is 1.14.0) at https://github.com/docker/scout-cli
✓ SBOM of image already cached, 775 packages indexed
✗ Detected 71 vulnerable packages with a total of 1780 vulnerabilities
What's next: View base image update recommendations → docker scout recommendations rook/ceph:master
0C 0H 2M 0L jinja2 2.11.3
pkg:pypi/jinja2@2.11.3
https://scout.docker.com/v/CVE-2024-34064?s=github&n=jinja2&t=pypi&vr=%3C3.1.4
https://scout.docker.com/v/CVE-2024-22195?s=github&n=jinja2&t=pypi&vr=%3C3.1.3
0C 0H 1M 0L python-jinja2 2.11.3-6.el9
pkg:rpm/centos/python-jinja2@2.11.3-6.el9?os_name=centos&os_version=9
https://scout.docker.com/v/CVE-2024-22195?s=redhat&n=python-jinja2&ns=centos&t=rpm&osn=centos&osv=9&vr=%3E%3D0
Expected behavior:
No vulnerabilities should be seen.
How to reproduce it (minimal and precise):
Run docker scout.
File(s) to submit:
Cluster CR (custom resource), typically called cluster.yaml, if necessary
Logs to submit:
docker scout cves rook/ceph:master|grep jinja
i New version 1.15.1 available (installed version is 1.14.0) at https://github.com/docker/scout-cli
✓ SBOM of image already cached, 775 packages indexed
✗ Detected 71 vulnerable packages with a total of 1780 vulnerabilities
What's next: View base image update recommendations → docker scout recommendations rook/ceph:master
0C 0H 2M 0L jinja2 2.11.3
pkg:pypi/jinja2@2.11.3
https://scout.docker.com/v/CVE-2024-34064?s=github&n=jinja2&t=pypi&vr=%3C3.1.4
https://scout.docker.com/v/CVE-2024-22195?s=github&n=jinja2&t=pypi&vr=%3C3.1.3
0C 0H 1M 0L python-jinja2 2.11.3-6.el9
pkg:rpm/centos/python-jinja2@2.11.3-6.el9?os_name=centos&os_version=9
https://scout.docker.com/v/CVE-2024-22195?s=redhat&n=python-jinja2&ns=centos&t=rpm&osn=centos&osv=9&vr=%3E%3D0
docker run -it --entrypoint /bin/bash rook/ceph:master
[rook@abcd /]$
[rook@abcd /]$
[rook@abcd /]$
[rook@abcd /]$ python3 -c "import jinja2; print(jinja2.__version__)"
2.11.3
The latest version is 3.1.4, and some of the vulnerabilities are fixed there. Ref: https://scout.docker.com/vulnerabilities/id/CVE-2024-34064?s=github&n=jinja2&t=pypi&vr=%3C3.1.4