chore(findings): aiml/jupyter/aiml-notebook
Summary
aiml/jupyter/aiml-notebook has 217 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-35939 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-21797 | Twistlock CVE | Critical | joblib-1.1.0 |
CVE-2022-35938 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-35937 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-36027 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36026 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36019 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36018 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36017 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36016 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36015 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36014 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36013 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36012 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36011 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36005 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36004 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36003 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36002 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36001 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-36000 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35999 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35998 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35997 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35996 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35995 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35994 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35993 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35992 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35991 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35990 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35989 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35988 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35987 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35986 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35985 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35984 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35983 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35982 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35981 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35979 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35974 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35973 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35972 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35971 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35970 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35969 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35968 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35967 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35966 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35965 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35964 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35963 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35960 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35959 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35952 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35941 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35940 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35935 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-35934 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-1941 | Twistlock CVE | High | protobuf-3.11.2 |
GHSA-4w68-4x85-mjj9 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-fqxc-pvf8-2w9v | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9cr2-8pwr-fhfq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-v5xg-3q2c-c2r4 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-828c-5j5q-vrjq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-397c-5g2j-qxpv | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-79h2-q768-fpxr | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-p7hr-f446-x6qf | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9v8w-xmr4-wgxp | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-84jm-4cf3-9jfm | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-97p7-w86h-vcf9 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-wxjj-cgcx-r3vq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-v7vw-577f-vp8x | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-qhw4-wwr7-gjc5 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9j4v-pp28-mxv7 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-qxpx-j395-pw36 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-wq6q-6m32-9rv9 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-2475-53vw-vp25 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-w62h-8xjm-fv49 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-3pgj-pg6c-r5p7 | Anchore CVE | Medium | oauthlib-3.2.0 |
GHSA-689c-r7h2-fv9v | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9jmq-rx5f-8jwq | Anchore CVE | Medium | nbconvert-6.5.0 |
GHSA-6hrg-qmvc-2xh8 | Anchore CVE | Critical | joblib-1.1.0 |
GHSA-mgmh-g2v6-mqw5 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-mv8m-8x97-937q | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-4pc4-m9mj-v2r9 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-fv43-93gv-vm8f | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-p2xf-8hgm-hpw5 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-m6cv-4fmf-66xf | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-q2c3-jpmc-gfjx | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-wqmc-pm8c-2jhc | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-g9h5-vr8m-x2h4 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-f7r5-q7cx-h668 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-cv2p-32v3-vhwq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-3pgj-pg6c-r5p7 | Anchore CVE | Medium | oauthlib-3.2.0 |
GHSA-ffjm-4qwc-7cmf | Anchore CVE | High | tensorflow-2.9.0 |
GHSA-h7ff-cfc9-wmmh | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-6hrg-qmvc-2xh8 | Anchore CVE | Critical | joblib-1.1.0 |
GHSA-j43h-pgmg-5hjq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-37jf-mjv6-xfqw | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-m6vp-8q9j-whx4 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-pxrw-j2fv-hx3h | Anchore CVE | High | tensorflow-2.9.0 |
GHSA-f4w6-h4f5-wx45 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-g35r-369w-3fqp | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-mh3m-62v7-68xg | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-7j3m-8g3c-9qqq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-rh87-q4vg-m45j | Anchore CVE | Low | tensorflow-2.9.0 |
GHSA-g468-qj8g-vcjc | Anchore CVE | Low | tensorflow-2.9.0 |
GHSA-9942-r22v-78cp | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9vqj-64pv-w55c | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-x989-q2pq-4q5x | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-vm7x-4qhj-rrcq | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-vgvh-2pf4-jr2x | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-fhfc-2q7x-929f | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-jqm7-m5q7-3hm5 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-vxv8-r8q2-63xw | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-9fpg-838v-wpv7 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-wr9v-g9vf-c74v | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-q5jv-m6qw-5g37 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-r26c-679w-mrjm | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-v6h3-348g-6h5x | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-jvhc-5hhr-w3v5 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-h5vq-gw2c-pq47 | Anchore CVE | Medium | tensorflow-2.9.0 |
b45294a3b2c8e4cfaa64229b1defdc3d | Anchore Compliance | Critical | |
GHSA-w596-4wvx-j9j6 | Anchore CVE | Medium | py-1.11.0 |
GHSA-w596-4wvx-j9j6 | Anchore CVE | Medium | py-1.11.0 |
CVE-2022-39286 | Twistlock CVE | High | jupyter-core-4.10.0 |
GHSA-m678-f26j-3hrp | Anchore CVE | High | jupyter-core-4.10.0 |
GHSA-m678-f26j-3hrp | Anchore CVE | High | jupyter-core-4.10.0 |
GHSA-39hc-v87j-747x | Anchore CVE | Medium | cryptography-37.0.2 |
CVE-2022-45199 | Twistlock CVE | High | pillow-9.1.1 |
CVE-2022-45198 | Twistlock CVE | High | pillow-9.1.1 |
CVE-2022-41902 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-41900 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-41911 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41910 | Twistlock CVE | Critical | tensorflow-2.9.0 |
CVE-2022-41909 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41908 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41907 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41901 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41899 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41898 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41897 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41896 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41895 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41893 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41891 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41890 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41889 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41888 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41887 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41886 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41885 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41884 | Twistlock CVE | High | tensorflow-2.9.0 |
CVE-2022-41880 | Twistlock CVE | Critical | tensorflow-2.9.0 |
GHSA-xf83-q765-xm6m | Twistlock CVE | Low | tensorflow-2.9.0 |
GHSA-cqvq-fvhr-v6hc | Twistlock CVE | Low | tensorflow-2.9.0 |
CVE-2022-41894 | Twistlock CVE | High | tensorflow-2.9.0 |
GHSA-762h-vpvw-3rcx | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-27rc-728f-x5w2 | Anchore CVE | Medium | tensorflow-2.9.0 |
CVE-2022-45199 | Anchore CVE | High | Pillow-9.1.1 |
GHSA-xxcj-rhqg-m46g | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-8fvv-46hw-vpg3 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-m2vv-5vj5-2hm7 | Anchore CVE | High | Pillow-9.1.1 |
GHSA-mv77-9g28-cwg3 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-hq7g-wwwp-q46h | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-h246-cgh4-7475 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-gq2j-cr96-gvqx | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-g9fm-r5mm-rf9f | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-54pp-c6pp-7fpx | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-xf83-q765-xm6m | Anchore CVE | Low | tensorflow-2.9.0 |
GHSA-368v-7v32-52fx | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-xvwp-h6jv-7472 | Anchore CVE | High | tensorflow-2.9.0 |
GHSA-8w5g-3wcv-9g2j | Anchore CVE | Medium | tensorflow-2.9.0 |
CVE-2022-45199 | Anchore CVE | High | Pillow-9.1.1 |
GHSA-67pf-62xr-q35m | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-frqp-wp83-qggv | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-pf36-r9c6-h97j | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-6x99-gv2v-q76v | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-jq6x-99hj-q636 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-cqvq-fvhr-v6hc | Anchore CVE | Low | tensorflow-2.9.0 |
GHSA-f2w8-jw48-fr7j | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-m2vv-5vj5-2hm7 | Anchore CVE | High | Pillow-9.1.1 |
GHSA-66vq-54fq-6jvv | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-rjx6-v474-2ch9 | Anchore CVE | Medium | tensorflow-2.9.0 |
GHSA-cg88-rpvp-cjv5 | Anchore CVE | High | tensorflow-2.9.0 |
GHSA-rmg2-f698-wq35 | Anchore CVE | Medium | tensorflow-2.9.0 |
CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8 |
CVE-2022-45939 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8 |
CVE-2022-45907 | Twistlock CVE | Critical | torch-1.11.0 |
GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2021.10.8 |
GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2022.9.24 |
GHSA-47fc-vmwq-366v | Anchore CVE | Critical | torch-1.11.0 |
GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2021.10.8 |
CVE-2022-37454 | Anchore CVE | Critical | python-3.8.15 |
GHSA-47fc-vmwq-366v | Anchore CVE | Critical | torch-1.11.0 |
CVE-2022-24999 | Twistlock CVE | Medium | nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-24999 | Twistlock CVE | Medium | nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-24999 | Twistlock CVE | Medium | npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-0235 | Twistlock CVE | Medium | npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-0235 | Twistlock CVE | Medium | nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-0235 | Twistlock CVE | Medium | nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2017-15897 | Twistlock CVE | Low | npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-29244 | Anchore CVE | Medium | nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-29244 | Anchore CVE | Medium | nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-29244 | Anchore CVE | Medium | npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74 |
CVE-2022-29244 | Anchore CVE | Medium | nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74 |
GHSA-hcpj-qp55-gfph | Anchore CVE | High | GitPython-3.1.29 |
CVE-2022-40897 | Twistlock CVE | High | setuptools-56.0.0 |
GHSA-r9hx-vwmv-q579 | Anchore CVE | High | setuptools-62.1.0 |
GHSA-qwmp-2cf2-g9g6 | Anchore CVE | High | wheel-0.37.1 |
GHSA-qwmp-2cf2-g9g6 | Anchore CVE | High | wheel-0.37.1 |
GHSA-r9hx-vwmv-q579 | Anchore CVE | High | setuptools-56.0.0 |
GHSA-r9hx-vwmv-q579 | Anchore CVE | High | setuptools-62.1.0 |
VAT: https://vat.dso.mil/vat/image?imageName=aiml/jupyter/aiml-notebook&tag=3.4.7&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/aiml/jupyter/aiml-notebook/-/jobs/13116896
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.