chore(findings): opensource/debezium

Summary

opensource/debezium has 671 new findings discovered during continuous monitoring.

Layer: opensource/debian/java-21:21.0.7 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/debezium&tag=3.1.1.Final&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2023-44487	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.94414	true
CVE-2023-44487	Anchore CVE	High	grpc-google-cloud-pubsublite-v1-1.12.8	0.94414	true
CVE-2023-33246	Anchore CVE	Critical	rocketmq-proto-2.0.3	0.94362	true
CVE-2022-1471	Twistlock CVE	Critical	org.yaml_snakeyaml-1.26	0.93849	false
CVE-2022-1471	Twistlock CVE	Critical	org.yaml_snakeyaml-1.29	0.93849	false
CVE-2022-1471	Twistlock CVE	Critical	org.yaml_snakeyaml-1.30	0.93849	false
CVE-2021-28169	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.92092	false
CVE-2021-28169	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.92092	false
CVE-2023-37582	Anchore CVE	Critical	rocketmq-proto-2.0.3	0.88376	false
CVE-2023-26048	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.36142	false
CVE-2023-26048	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.36142	false
CVE-2020-27223	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.28074	false
CVE-2020-27223	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.28074	false
CVE-2019-10241	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.21602	false
CVE-2019-10241	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.21602	false
CVE-2016-5397	Twistlock CVE	High	libthrift-0.9.2	0.07814	false
CVE-2016-5397	Anchore CVE	High	libthrift-0.9.2	0.07814	false
CVE-2019-10247	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.05572	false
CVE-2019-10247	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.05572	false
CVE-2021-28165	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Twistlock CVE	High	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.04692	false
CVE-2021-28165	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.04692	false
CVE-2015-3254	Twistlock CVE	Medium	libthrift-0.9.2	0.02686	false
CVE-2015-3254	Anchore CVE	Medium	libthrift-0.9.2	0.02686	false
CVE-2023-40167	Twistlock CVE	Medium	org.eclipse.jetty_jetty-http-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	0.02542	false
CVE-2023-40167	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.02542	false
CVE-2019-16869	Twistlock CVE	High	io.netty_netty-all-4.0.44.Final	0.01901	false
CVE-2020-7768	Anchore CVE	Critical	grpc-google-cloud-pubsublite-v1-1.12.8	0.01836	false
CVE-2022-25647	Twistlock CVE	High	com.google.code.gson_gson-2.8.6	0.01666	false
CVE-2024-47561	Twistlock CVE	Critical	org.apache.avro_avro-1.10.1	0.01594	false
CVE-2024-47561	Twistlock CVE	Critical	org.apache.avro_avro-1.10.2	0.01594	false
CVE-2022-2048	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01411	false
CVE-2022-2048	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01411	false
CVE-2019-10246	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.01235	false
CVE-2023-36478	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01086	false
CVE-2023-36478	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.01086	false
CVE-2022-2047	Twistlock CVE	Low	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Twistlock CVE	Low	org.eclipse.jetty_jetty-http-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00878	false
CVE-2022-2047	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00878	false
CVE-2024-9823	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00803	false
CVE-2023-34453	Anchore CVE	High	snappy-java-1.1.1.7	0.00796	false
CVE-2022-45688	Twistlock CVE	High	org.json_json-20211205	0.00705	false
CVE-2019-0205	Twistlock CVE	High	libthrift-0.9.2	0.00698	false
CVE-2018-11798	Twistlock CVE	Medium	libthrift-0.9.2	0.00629	false
CVE-2023-36479	Twistlock CVE	Low	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-server-9.4.12.v20180830	0.00627	false
CVE-2023-36479	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00627	false
CVE-2023-34462	Twistlock CVE	Medium	io.netty_netty-handler-4.1.77.Final	0.00563	false
CVE-2021-34428	Twistlock CVE	Low	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Twistlock CVE	Low	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-http-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-servlet-9.4.12.v20180830	0.00557	false
CVE-2021-34428	Anchore CVE	Low	jetty-io-9.4.12.v20180830	0.00557	false
CVE-2022-38749	Twistlock CVE	Medium	org.yaml_snakeyaml-1.29	0.00534	false
CVE-2022-38749	Twistlock CVE	Medium	org.yaml_snakeyaml-1.26	0.00534	false
CVE-2022-38749	Twistlock CVE	Medium	org.yaml_snakeyaml-1.30	0.00534	false
CVE-2023-5072	Twistlock CVE	High	org.json_json-20211205	0.00525	false
CVE-2023-34455	Anchore CVE	High	snappy-java-1.1.1.7	0.00447	false
CVE-2024-26308	Twistlock CVE	Medium	org.apache.commons_commons-compress-1.21	0.00430	false
CVE-2023-46120	Twistlock CVE	Medium	com.rabbitmq_amqp-client-5.16.0	0.00421	false
CVE-2023-6378	Twistlock CVE	High	ch.qos.logback_logback-core-1.3.5	0.00385	false
CVE-2023-6378	Twistlock CVE	High	ch.qos.logback_logback-classic-1.3.5	0.00385	false
CVE-2025-23015	Twistlock CVE	Low	cassandra-all-5.0.2	0.00372	false
CVE-2025-23015	Twistlock CVE	Low	cassandra-all-4.1.7	0.00372	false
CVE-2025-23015	Twistlock CVE	Low	cassandra-all-3.11.12	0.00372	false
CVE-2020-27218	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00352	false
CVE-2020-27218	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00352	false
CVE-2023-3635	Twistlock CVE	Medium	okio-jvm-3.0.0	0.00335	false
CVE-2022-25857	Twistlock CVE	High	org.yaml_snakeyaml-1.29	0.00299	false
CVE-2022-25857	Twistlock CVE	High	org.yaml_snakeyaml-1.30	0.00299	false
CVE-2022-25857	Twistlock CVE	High	org.yaml_snakeyaml-1.26	0.00299	false
CVE-2024-22201	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00293	false
CVE-2023-33201	Twistlock CVE	Medium	org.bouncycastle_bcprov-ext-jdk15on-1.69.00.0	0.00289	false
CVE-2023-33201	Twistlock CVE	Medium	org.bouncycastle_bcprov-jdk15on-1.69.0	0.00289	false
CVE-2023-26049	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Twistlock CVE	Low	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00263	false
CVE-2023-26049	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00263	false
CVE-2025-48924	Twistlock CVE	Medium	commons-lang_commons-lang-2.6	0.00258	false
CVE-2025-48924	Twistlock CVE	Medium	org.apache.commons_commons-lang3-3.14.0	0.00258	false
CVE-2025-48924	Twistlock CVE	Medium	org.apache.commons_commons-lang3-3.13.0	0.00258	false
CVE-2025-48924	Twistlock CVE	Medium	org.apache.commons_commons-lang3-3.1	0.00258	false
CVE-2025-48924	Twistlock CVE	Medium	org.apache.commons_commons-lang3-3.11	0.00258	false
CVE-2025-27818	Anchore CVE	High	kafka-clients-3.9.0	0.00226	false
CVE-2025-27818	Anchore CVE	High	kafka-clients-3.9.0	0.00226	false
CVE-2025-27818	Anchore CVE	High	kafka-clients-3.9.0	0.00226	false
CVE-2025-27818	Anchore CVE	High	kafka-clients-3.9.0	0.00226	false
CVE-2025-1634	Twistlock CVE	High	io.quarkus_quarkus-resteasy-3.15.3	0.00215	false
CVE-2024-47554	Twistlock CVE	Low	commons-io_commons-io-2.8.0	0.00213	false
CVE-2022-38752	Twistlock CVE	Medium	org.yaml_snakeyaml-1.29	0.00209	false
CVE-2022-38752	Twistlock CVE	Medium	org.yaml_snakeyaml-1.26	0.00209	false
CVE-2022-38752	Twistlock CVE	Medium	org.yaml_snakeyaml-1.30	0.00209	false
CVE-2024-29857	Twistlock CVE	Medium	org.bouncycastle_bcprov-jdk15on-1.69.0	0.00203	false
CVE-2023-34454	Anchore CVE	High	snappy-java-1.1.1.7	0.00201	false
CVE-2024-12798	Twistlock CVE	Medium	ch.qos.logback_logback-core-1.2.13	0.00186	false
CVE-2024-12798	Twistlock CVE	Medium	ch.qos.logback_logback-core-1.3.5	0.00186	false
CVE-2022-42004	Twistlock CVE	High	com.fasterxml.jackson.core_jackson-databind-2.13.2.1	0.00181	false
CVE-2025-50106	Twistlock CVE	High	java-21.0.7	0.00174	false
CVE-2025-30749	Twistlock CVE	High	java-21.0.7	0.00174	false
CVE-2022-38751	Twistlock CVE	Medium	org.yaml_snakeyaml-1.29	0.00173	false
CVE-2022-38751	Twistlock CVE	Medium	org.yaml_snakeyaml-1.26	0.00173	false
CVE-2022-38751	Twistlock CVE	Medium	org.yaml_snakeyaml-1.30	0.00173	false
CVE-2024-53990	Twistlock CVE	Critical	org.asynchttpclient_async-http-client-2.12.1	0.00170	false
CVE-2022-42003	Twistlock CVE	High	com.fasterxml.jackson.core_jackson-databind-2.13.2.1	0.00169	false
CVE-2022-33684	Anchore CVE	High	pulsar-client-messagecrypto-bc-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-client-admin-api-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-common-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-client-original-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-client-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-client-api-2.10.1	0.00166	false
CVE-2022-33684	Anchore CVE	High	pulsar-transaction-common-2.10.1	0.00166	false
CVE-2020-27216	Twistlock CVE	High	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00164	false
CVE-2020-27216	Anchore CVE	High	jetty-server-9.4.12.v20180830	0.00164	false
CVE-2025-24970	Twistlock CVE	High	io.netty_netty-handler-4.1.115.Final	0.00156	false
CVE-2024-43126	Anchore CVE	High	opentelemetry-exporter-sender-okhttp-1.39.0	0.00141	false
CVE-2022-32531	Anchore CVE	Medium	bookkeeper-common-allocator-4.14.5	0.00125	false
CVE-2025-46392	Twistlock CVE	Low	commons-configuration_commons-configuration-1.10	0.00117	false
CVE-2023-33953	Anchore CVE	High	grpc-google-cloud-pubsublite-v1-1.12.8	0.00116	false
CVE-2025-25193	Twistlock CVE	Medium	io.netty_netty-common-4.1.115.Final	0.00113	false
CVE-2025-25193	Twistlock CVE	Medium	io.netty_netty-common-4.1.77.Final	0.00113	false
CVE-2024-8184	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-servlet-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00113	false
CVE-2024-8184	Anchore CVE	Medium	jetty-io-9.4.12.v20180830	0.00113	false
CVE-2018-1320	Twistlock CVE	High	libthrift-0.9.2	0.00112	false
CVE-2025-30751	Anchore CVE	High	ojdbc11-23.5.0.24.07	0.00105	false
CVE-2025-30751	Anchore CVE	High	orai18n-23.5.0.24.07	0.00105	false
CVE-2023-30428	Anchore CVE	High	pulsar-client-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-common-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-client-api-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-client-admin-api-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-client-original-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-transaction-common-2.10.1	0.00098	false
CVE-2023-30428	Anchore CVE	High	pulsar-client-messagecrypto-bc-2.10.1	0.00098	false
CVE-2023-51437	Anchore CVE	High	pulsar-client-api-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-client-admin-api-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-client-messagecrypto-bc-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-client-original-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-transaction-common-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-client-2.10.1	0.00097	false
CVE-2023-51437	Anchore CVE	High	pulsar-common-2.10.1	0.00097	false
CVE-2024-6763	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.56.v20240826	0.00090	false
CVE-2024-6763	Twistlock CVE	Medium	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00090	false
CVE-2024-6763	Twistlock CVE	Medium	org.eclipse.jetty_jetty-http-9.4.12.v20180830	0.00090	false
CVE-2024-6763	Twistlock CVE	Medium	org.eclipse.jetty_jetty-http-9.4.56.v20240826	0.00090	false
CVE-2024-36114	Twistlock CVE	High	io.airlift_aircompressor-0.20	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-common-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-transaction-common-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-client-api-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-client-original-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-client-messagecrypto-bc-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-client-2.10.1	0.00089	false
CVE-2023-37579	Anchore CVE	Medium	pulsar-client-admin-api-2.10.1	0.00089	false
CVE-2025-30701	Anchore CVE	High	ojdbc11-23.5.0.24.07	0.00081	false
CVE-2025-30701	Anchore CVE	High	orai18n-23.5.0.24.07	0.00081	false
CVE-2022-38750	Twistlock CVE	Medium	org.yaml_snakeyaml-1.30	0.00079	false
CVE-2022-38750	Twistlock CVE	Medium	org.yaml_snakeyaml-1.29	0.00079	false
CVE-2022-38750	Twistlock CVE	Medium	org.yaml_snakeyaml-1.26	0.00079	false
CVE-2025-24860	Twistlock CVE	Low	cassandra-all-4.1.7	0.00077	false
CVE-2025-24860	Twistlock CVE	Low	cassandra-all-5.0.2	0.00077	false
CVE-2022-41881	Twistlock CVE	Medium	io.netty_netty-codec-haproxy-4.1.77.Final	0.00077	false
CVE-2022-41854	Twistlock CVE	Medium	org.yaml_snakeyaml-1.30	0.00076	false
CVE-2022-41854	Twistlock CVE	Medium	org.yaml_snakeyaml-1.29	0.00076	false
CVE-2022-41854	Twistlock CVE	Medium	org.yaml_snakeyaml-1.26	0.00076	false
CVE-2023-43642	Anchore CVE	High	snappy-java-1.1.1.7	0.00073	false
CVE-2025-52999	Twistlock CVE	High	com.fasterxml.jackson.core_jackson-core-2.13.2	0.00072	false
CVE-2025-30733	Anchore CVE	Medium	orai18n-23.5.0.24.07	0.00069	false
CVE-2025-30733	Anchore CVE	Medium	ojdbc11-23.5.0.24.07	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-client-messagecrypto-bc-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-common-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-client-admin-api-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-transaction-common-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-client-api-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-client-original-2.10.1	0.00069	false
CVE-2023-30429	Anchore CVE	High	pulsar-client-2.10.1	0.00069	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-transaction-common-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-client-messagecrypto-bc-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-client-original-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-common-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-client-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-client-admin-api-2.10.1	0.00063	false
CVE-2023-31007	Anchore CVE	Medium	pulsar-client-api-2.10.1	0.00063	false
CVE-2023-39410	Twistlock CVE	High	org.apache.avro_avro-1.10.2	0.00061	false
CVE-2023-39410	Twistlock CVE	High	org.apache.avro_avro-1.10.1	0.00061	false
CVE-2023-39410	Anchore CVE	High	avro-protobuf-1.10.2	0.00061	false
CVE-2023-33202	Twistlock CVE	Medium	org.bouncycastle_bcprov-ext-jdk15on-1.69.00.0	0.00059	false
CVE-2023-33202	Twistlock CVE	Medium	org.bouncycastle_bcprov-jdk15on-1.69.0	0.00059	false
CVE-2025-48734	Twistlock CVE	Low	commons-beanutils_commons-beanutils-1.9.4	0.00056	false
CVE-2025-8916	Twistlock CVE	Medium	org.bouncycastle_bcpkix-jdk15on-1.69.00.0	0.00055	false
CVE-2025-55163	Twistlock CVE	High	io.netty_netty-codec-http2-4.1.115.Final	0.00055	false
CVE-2025-50059	Twistlock CVE	Low	java-21.0.7	0.00054	false
CVE-2025-58056	Twistlock CVE	Low	io.netty_netty-codec-http-4.1.77.Final	0.00050	false
CVE-2025-58056	Twistlock CVE	Low	io.netty_netty-codec-http-4.1.115.Final	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-transaction-common-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-client-original-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-client-admin-api-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-client-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-client-messagecrypto-bc-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-client-api-2.10.1	0.00050	false
CVE-2023-37544	Anchore CVE	High	pulsar-common-2.10.1	0.00050	false
CVE-2024-39657	Anchore CVE	High	opentelemetry-exporter-sender-okhttp-1.39.0	0.00048	false
CVE-2024-29025	Twistlock CVE	Medium	io.netty_netty-codec-http-4.1.77.Final	0.00048	false
CVE-2024-12801	Twistlock CVE	Low	ch.qos.logback_logback-core-1.2.13	0.00048	false
CVE-2024-12801	Twistlock CVE	Low	ch.qos.logback_logback-core-1.3.5	0.00048	false
CVE-2024-30171	Twistlock CVE	Medium	org.bouncycastle_bcprov-jdk15on-1.69.0	0.00045	false
CVE-2025-58057	Twistlock CVE	Medium	io.netty_netty-codec-4.1.115.Final	0.00042	false
CVE-2025-58057	Twistlock CVE	Medium	io.netty_netty-codec-4.1.77.Final	0.00042	false
CVE-2023-2976	Twistlock CVE	High	com.google.guava_guava-31.0.1-jre	0.00042	false
CVE-2023-2976	Twistlock CVE	High	guava-24.1.1.jre	0.00042	false
CVE-2023-2976	Twistlock CVE	High	com.google.guava_guava-24.1.1-jre	0.00042	false
CVE-2025-49574	Twistlock CVE	Medium	io.quarkus_quarkus-vertx-3.15.3	0.00041	false
CVE-2024-13009	Twistlock CVE	High	org.eclipse.jetty_jetty-server-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlets-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-continuation-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-server-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-util-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-io-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-http-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-client-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-security-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-servlet-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-io-9.4.56.v20240826	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-http-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Anchore CVE	High	jetty-util-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Twistlock CVE	Low	org.eclipse.jetty_jetty-io-9.4.12.v20180830	0.00040	false
CVE-2024-13009	Twistlock CVE	Low	org.eclipse.jetty_jetty-io-9.4.56.v20240826	0.00040	false
CVE-2025-30754	Twistlock CVE	Low	java-21.0.7	0.00036	false
CVE-2023-0833	Anchore CVE	Medium	okhttp-4.8.1	0.00036	false
CVE-2025-26467	Twistlock CVE	Low	cassandra-all-4.1.7	0.00034	false
CVE-2025-26467	Twistlock CVE	Low	cassandra-all-3.11.12	0.00034	false
CVE-2025-26467	Twistlock CVE	Low	cassandra-all-5.0.2	0.00034	false
CVE-2024-27137	Twistlock CVE	Low	cassandra-all-4.1.7	0.00033	false
CVE-2024-27137	Twistlock CVE	Low	cassandra-all-5.0.2	0.00033	false
CVE-2025-50066	Anchore CVE	Low	ojdbc11-23.5.0.24.07	0.00032	false
CVE-2025-50066	Anchore CVE	Low	orai18n-23.5.0.24.07	0.00032	false
CVE-2025-30750	Anchore CVE	Low	ojdbc11-23.5.0.24.07	0.00026	false
CVE-2025-30750	Anchore CVE	Low	orai18n-23.5.0.24.07	0.00026	false
CVE-2023-32732	Anchore CVE	Medium	grpc-google-cloud-pubsublite-v1-1.12.8	0.00023	false
CVE-2024-47535	Twistlock CVE	Medium	io.netty_netty-common-4.1.77.Final	0.00021	false
CVE-2020-36843	Twistlock CVE	Medium	net.i2p.crypto_eddsa-0.3.0	0.00016	false
CVE-2025-50070	Anchore CVE	Medium	ojdbc11-23.5.0.24.07	0.00015	false
CVE-2023-35116	Anchore CVE	Medium	jackson-databind-2.13.2.1	0.00015	false
CVE-2024-25710	Twistlock CVE	Medium	org.apache.commons_commons-compress-1.21	0.00012	false
CVE-2020-8908	Twistlock CVE	Low	com.google.guava_guava-24.1.1-jre	0.00009	false
CVE-2020-8908	Twistlock CVE	Low	guava-24.1.1.jre	0.00009	false
CVE-2020-8908	Twistlock CVE	Low	com.google.guava_guava-31.0.1-jre	0.00009	false
CVE-2022-24329	Twistlock CVE	Medium	kotlin-stdlib-1.4.21-release-351	0.00002	false
PRISMA-2023-0067	Twistlock CVE	High	com.fasterxml.jackson.core_jackson-core-2.13.2	N/A	N/A
PRISMA-2021-0182	Twistlock CVE	Medium	org.eclipse.jetty_jetty-servlet-9.4.12.v20180830	N/A	N/A
PRISMA-2021-0182	Twistlock CVE	Medium	org.eclipse.jetty_jetty-server-9.4.12.v20180830	N/A	N/A
PRISMA-2021-0055	Twistlock CVE	Low	commons-codec_commons-codec-1.9	N/A	N/A
GHSA-xq3w-v528-46rv	Anchore CVE	Medium	netty-common-4.1.77.Final	N/A	N/A
GHSA-xc67-hjx6-cgg6	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-xc67-hjx6-cgg6	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-xc67-hjx6-cgg6	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-xc67-hjx6-cgg6	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-wxr5-93ph-8wr9	Anchore CVE	High	commons-beanutils-1.9.4	N/A	N/A
GHSA-wmcc-9vch-jmx4	Anchore CVE	High	cassandra-all-3.11.12	N/A	N/A
GHSA-wmcc-9vch-jmx4	Anchore CVE	High	cassandra-all-5.0.2	N/A	N/A
GHSA-wmcc-9vch-jmx4	Anchore CVE	High	cassandra-all-4.1.7	N/A	N/A
GHSA-wjxj-f8rg-99wx	Anchore CVE	High	libthrift-0.9.2	N/A	N/A
GHSA-wjxj-5m7g-mg7q	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-wjxj-5m7g-mg7q	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-wjxj-5m7g-mg7q	Anchore CVE	Medium	bcprov-ext-jdk15on-1.69	N/A	N/A
GHSA-wjxj-5m7g-mg7q	Anchore CVE	Medium	bcprov-ext-jdk15on-1.69	N/A	N/A
GHSA-w37g-rhq8-7m4j	Anchore CVE	Medium	snakeyaml-1.30	N/A	N/A
GHSA-w37g-rhq8-7m4j	Anchore CVE	Medium	snakeyaml-1.29	N/A	N/A
GHSA-w37g-rhq8-7m4j	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-w37g-rhq8-7m4j	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-w37g-rhq8-7m4j	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-w33c-445m-f8w7	Anchore CVE	Medium	okio-2.8.0	N/A	N/A
GHSA-w33c-445m-f8w7	Anchore CVE	Medium	okio-2.8.0	N/A	N/A
GHSA-w33c-445m-f8w7	Anchore CVE	Medium	okio-jvm-3.0.0	N/A	N/A
GHSA-w33c-445m-f8w7	Anchore CVE	Medium	okio-2.8.0	N/A	N/A
GHSA-w33c-445m-f8w7	Anchore CVE	Medium	okio-2.8.0	N/A	N/A
GHSA-vx85-mj8c-4qm6	Anchore CVE	Medium	libthrift-0.9.2	N/A	N/A
GHSA-vmq6-5m68-f53m	Anchore CVE	High	logback-classic-1.3.5	N/A	N/A
GHSA-vmq6-5m68-f53m	Anchore CVE	High	logback-core-1.3.5	N/A	N/A
GHSA-vgq5-3255-v292	Anchore CVE	Medium	kafka-clients-3.9.0	N/A	N/A
GHSA-vgq5-3255-v292	Anchore CVE	Medium	kafka-clients-3.9.0	N/A	N/A
GHSA-vgq5-3255-v292	Anchore CVE	Medium	kafka-clients-3.9.0	N/A	N/A
GHSA-vgq5-3255-v292	Anchore CVE	Medium	kafka-clients-3.9.0	N/A	N/A
GHSA-v435-xc8x-wvr9	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-v435-xc8x-wvr9	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-rj7p-rfgp-852x	Anchore CVE	High	libthrift-0.9.2	N/A	N/A
GHSA-rhrv-645h-fjfh	Anchore CVE	High	avro-1.10.1	N/A	N/A
GHSA-rhrv-645h-fjfh	Anchore CVE	High	avro-1.10.1	N/A	N/A
GHSA-rhrv-645h-fjfh	Anchore CVE	High	avro-1.10.2	N/A	N/A
GHSA-rhrv-645h-fjfh	Anchore CVE	High	avro-1.10.1	N/A	N/A
GHSA-rgv9-q543-rqg4	Anchore CVE	High	jackson-databind-2.13.2.1	N/A	N/A
GHSA-rgfx-7p65-3ff4	Anchore CVE	Medium	cassandra-all-4.1.7	N/A	N/A
GHSA-rgfx-7p65-3ff4	Anchore CVE	Medium	cassandra-all-5.0.2	N/A	N/A
GHSA-r7pg-v2c8-mfg3	Anchore CVE	Critical	avro-1.10.2	N/A	N/A
GHSA-r7pg-v2c8-mfg3	Anchore CVE	Critical	avro-1.10.1	N/A	N/A
GHSA-r7pg-v2c8-mfg3	Anchore CVE	Critical	avro-1.10.1	N/A	N/A
GHSA-r7pg-v2c8-mfg3	Anchore CVE	Critical	avro-1.10.1	N/A	N/A
GHSA-r28m-g6j9-r2h5	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-r28m-g6j9-r2h5	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-r28m-g6j9-r2h5	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-r28m-g6j9-r2h5	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-qw69-rqj8-6qw8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-qw69-rqj8-6qw8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-qw69-rqj8-6qw8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-qw69-rqj8-6qw8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-qh8g-58pp-2wxh	Anchore CVE	Medium	jetty-http-9.4.56.v20240826	N/A	N/A
GHSA-qh8g-58pp-2wxh	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-qh8g-58pp-2wxh	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-qh8g-58pp-2wxh	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-qh8g-58pp-2wxh	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-q4rv-gq96-w7c5	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-q4rv-gq96-w7c5	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-q4rv-gq96-w7c5	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-q4rv-gq96-w7c5	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-pvp8-3xj6-8c6x	Anchore CVE	Low	commons-configuration-1.10	N/A	N/A
GHSA-prj3-ccx8-p6x4	Anchore CVE	High	netty-codec-http2-4.1.115.Final	N/A	N/A
GHSA-pr98-23f8-jwxv	Anchore CVE	Medium	logback-core-1.3.5	N/A	N/A
GHSA-pr98-23f8-jwxv	Anchore CVE	Medium	logback-core-1.2.13	N/A	N/A
GHSA-pr98-23f8-jwxv	Anchore CVE	Medium	logback-core-1.2.13	N/A	N/A
GHSA-pr98-23f8-jwxv	Anchore CVE	Medium	logback-core-1.2.13	N/A	N/A
GHSA-p979-4mfw-53vg	Anchore CVE	High	netty-all-4.0.44.Final	N/A	N/A
GHSA-p53j-g8pw-4w5f	Anchore CVE	Medium	eddsa-0.3.0	N/A	N/A
GHSA-p26g-97m4-6q7c	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-p26g-97m4-6q7c	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-p26g-97m4-6q7c	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-p26g-97m4-6q7c	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-mm8h-8587-p46h	Anchore CVE	Medium	amqp-client-5.16.0	N/A	N/A
GHSA-mjmj-j48q-9wg2	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-mjmj-j48q-9wg2	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-mjmj-j48q-9wg2	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-mjmj-j48q-9wg2	Anchore CVE	High	snakeyaml-1.30	N/A	N/A
GHSA-mjmj-j48q-9wg2	Anchore CVE	High	snakeyaml-1.29	N/A	N/A
GHSA-mfj5-cf8g-g2fv	Anchore CVE	Critical	async-http-client-2.12.1	N/A	N/A
GHSA-m6cp-vxjx-65j6	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m6cp-vxjx-65j6	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m6cp-vxjx-65j6	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m6cp-vxjx-65j6	Anchore CVE	Low	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m394-8rww-3jr7	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m394-8rww-3jr7	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m394-8rww-3jr7	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-m394-8rww-3jr7	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-jjjh-jjxp-wpff	Anchore CVE	High	jackson-databind-2.13.2.1	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang3-3.14.0	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang-2.6	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang3-3.1	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang3-3.11	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang3-3.13.0	N/A	N/A
GHSA-j288-q9x7-2f5v	Anchore CVE	Medium	commons-lang3-3.11	N/A	N/A
GHSA-hr8g-6v94-x4m9	Anchore CVE	Medium	bcprov-ext-jdk15on-1.69	N/A	N/A
GHSA-hr8g-6v94-x4m9	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-hr8g-6v94-x4m9	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-hr8g-6v94-x4m9	Anchore CVE	Medium	bcprov-ext-jdk15on-1.69	N/A	N/A
GHSA-hmr7-m48g-48f6	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-hmr7-m48g-48f6	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-hmr7-m48g-48f6	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-hmr7-m48g-48f6	Anchore CVE	Medium	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-hhhw-99gj-p3c3	Anchore CVE	Medium	snakeyaml-1.30	N/A	N/A
GHSA-hhhw-99gj-p3c3	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-hhhw-99gj-p3c3	Anchore CVE	Medium	snakeyaml-1.29	N/A	N/A
GHSA-hhhw-99gj-p3c3	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-hhhw-99gj-p3c3	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-h46c-h94j-95f3	Anchore CVE	High	jackson-core-2.13.2	N/A	N/A
GHSA-h46c-h94j-95f3	Anchore CVE	High	jackson-core-2.13.2	N/A	N/A
GHSA-g8m5-722r-8whq	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-g8m5-722r-8whq	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-g8m5-722r-8whq	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-g8m5-722r-8whq	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-fx2c-96vj-985v	Anchore CVE	Medium	netty-codec-haproxy-4.1.77.Final	N/A	N/A
GHSA-cj7v-27pg-wf7q	Anchore CVE	Low	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-cj7v-27pg-wf7q	Anchore CVE	Low	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-cj7v-27pg-wf7q	Anchore CVE	Low	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-cj7v-27pg-wf7q	Anchore CVE	Low	jetty-http-9.4.12.v20180830	N/A	N/A
GHSA-c4r9-r8fh-9vj2	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-c4r9-r8fh-9vj2	Anchore CVE	Medium	snakeyaml-1.29	N/A	N/A
GHSA-c4r9-r8fh-9vj2	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-c4r9-r8fh-9vj2	Anchore CVE	Medium	snakeyaml-1.30	N/A	N/A
GHSA-c4r9-r8fh-9vj2	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-9w3m-gqgf-c4p9	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-9w3m-gqgf-c4p9	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-9w3m-gqgf-c4p9	Anchore CVE	Medium	snakeyaml-1.29	N/A	N/A
GHSA-9w3m-gqgf-c4p9	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-9w3m-gqgf-c4p9	Anchore CVE	Medium	snakeyaml-1.30	N/A	N/A
GHSA-98wm-3w3q-mw94	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-98wm-3w3q-mw94	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-98wm-3w3q-mw94	Anchore CVE	Medium	snakeyaml-1.30	N/A	N/A
GHSA-98wm-3w3q-mw94	Anchore CVE	Medium	snakeyaml-1.29	N/A	N/A
GHSA-98wm-3w3q-mw94	Anchore CVE	Medium	snakeyaml-1.26	N/A	N/A
GHSA-973x-65j7-xcf4	Anchore CVE	High	aircompressor-0.20	N/A	N/A
GHSA-9623-mj7j-p9v4	Anchore CVE	Medium	quarkus-vertx-3.15.3	N/A	N/A
GHSA-8xfc-gm6g-vgpv	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-8xfc-gm6g-vgpv	Anchore CVE	Medium	bcprov-jdk15on-1.69	N/A	N/A
GHSA-86wm-rrjm-8wh8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-86wm-rrjm-8wh8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-86wm-rrjm-8wh8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-86wm-rrjm-8wh8	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-7vx9-xjhr-rw6h	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-7vx9-xjhr-rw6h	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-7vx9-xjhr-rw6h	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-7vx9-xjhr-rw6h	Anchore CVE	Medium	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-7g45-4rm6-3mm3	Anchore CVE	Medium	guava-24.1.1-jre	N/A	N/A
GHSA-7g45-4rm6-3mm3	Anchore CVE	Medium	guava-24.1.1-jre	N/A	N/A
GHSA-7g45-4rm6-3mm3	Anchore CVE	Medium	guava-24.1.1-jre	N/A	N/A
GHSA-7g45-4rm6-3mm3	Anchore CVE	Medium	guava-31.0.1-jre	N/A	N/A
GHSA-78wr-2p64-hpwj	Anchore CVE	High	commons-io-2.8.0	N/A	N/A
GHSA-6v67-2wr5-gvf4	Anchore CVE	Low	logback-core-1.2.13	N/A	N/A
GHSA-6v67-2wr5-gvf4	Anchore CVE	Low	logback-core-1.2.13	N/A	N/A
GHSA-6v67-2wr5-gvf4	Anchore CVE	Low	logback-core-1.2.13	N/A	N/A
GHSA-6v67-2wr5-gvf4	Anchore CVE	Low	logback-core-1.3.5	N/A	N/A
GHSA-6mjq-h674-j845	Anchore CVE	Medium	netty-handler-4.1.77.Final	N/A	N/A
GHSA-5mg8-w23w-74h3	Anchore CVE	Low	guava-31.0.1-jre	N/A	N/A
GHSA-5mg8-w23w-74h3	Anchore CVE	Low	guava-24.1.1-jre	N/A	N/A
GHSA-5mg8-w23w-74h3	Anchore CVE	Low	guava-24.1.1-jre	N/A	N/A
GHSA-5mg8-w23w-74h3	Anchore CVE	Low	guava-24.1.1-jre	N/A	N/A
GHSA-5jpm-x58v-624v	Anchore CVE	Medium	netty-codec-http-4.1.77.Final	N/A	N/A
GHSA-4jrv-ppp4-jm57	Anchore CVE	High	gson-2.8.6	N/A	N/A
GHSA-4jrv-ppp4-jm57	Anchore CVE	High	gson-2.8.6	N/A	N/A
GHSA-4jrv-ppp4-jm57	Anchore CVE	High	gson-2.8.6	N/A	N/A
GHSA-4jq9-2xhw-jpx7	Anchore CVE	High	json-20211205	N/A	N/A
GHSA-4g9r-vxhx-9pgx	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4g9r-vxhx-9pgx	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4g9r-vxhx-9pgx	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4g9r-vxhx-9pgx	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4g8c-wm8x-jfhw	Anchore CVE	High	netty-handler-4.1.115.Final	N/A	N/A
GHSA-4g8c-wm8x-jfhw	Anchore CVE	High	netty-handler-4.1.115.Final	N/A	N/A
GHSA-4fwr-mh5q-hchh	Anchore CVE	High	quarkus-resteasy-3.15.3	N/A	N/A
GHSA-4cx2-fc23-5wg6	Anchore CVE	Medium	bcpkix-jdk15on-1.69	N/A	N/A
GHSA-4cx2-fc23-5wg6	Anchore CVE	Medium	bcpkix-jdk15on-1.69	N/A	N/A
GHSA-4265-ccf5-phj5	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4265-ccf5-phj5	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4265-ccf5-phj5	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-4265-ccf5-phj5	Anchore CVE	Medium	commons-compress-1.21	N/A	N/A
GHSA-3vqj-43w4-2q58	Anchore CVE	High	json-20211205	N/A	N/A
GHSA-3mc7-4q67-w48m	Anchore CVE	High	snakeyaml-1.30	N/A	N/A
GHSA-3mc7-4q67-w48m	Anchore CVE	High	snakeyaml-1.29	N/A	N/A
GHSA-3mc7-4q67-w48m	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-3mc7-4q67-w48m	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-3mc7-4q67-w48m	Anchore CVE	High	snakeyaml-1.26	N/A	N/A
GHSA-3cjf-fwcq-xh22	Anchore CVE	Medium	cassandra-all-4.1.7	N/A	N/A
GHSA-3cjf-fwcq-xh22	Anchore CVE	Medium	cassandra-all-5.0.2	N/A	N/A
GHSA-389x-839f-4rhx	Anchore CVE	Medium	netty-common-4.1.115.Final	N/A	N/A
GHSA-389x-839f-4rhx	Anchore CVE	Medium	netty-common-4.1.115.Final	N/A	N/A
GHSA-389x-839f-4rhx	Anchore CVE	Medium	netty-common-4.1.77.Final	N/A	N/A
GHSA-26vr-8j45-3r4w	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-26vr-8j45-3r4w	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-26vr-8j45-3r4w	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A
GHSA-26vr-8j45-3r4w	Anchore CVE	High	jetty-server-9.4.12.v20180830	N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/debezium&tag=3.1.1.Final&branch=master

Novel Tidelift Findings (Experimental)

opensource/debezium has 133 novel Tidelift findings discovered during continuous monitoring.

NOTE: This table is for Iron Bank evaluation and testing purposes. No action required by vendors.

id	cvss score	package	impact	workaround	epss_score	kev
CVE-2022-1471	9.8	org.yaml:snakeyaml-1.29			0.93849	false
CVE-2022-1471	9.8	org.yaml:snakeyaml-1.26			0.93849	false
CVE-2022-1471	9.8	org.yaml:snakeyaml-1.30			0.93849	false
CVE-2023-26048	5.3	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Low effort request can result in an OutOfMemoryError	Do not use defaults for Servlet Multipart Configs.Specify values for fileSizeThreshold, location, maxFileSize, and maxRequestSize	0.36142	false
CVE-2020-27223	5.3	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Trivially easy DOS to exploit. Many existing malicious tools exploit this vulnerability today.		0.28074	false
CVE-2019-10241	6.1	org.eclipse.jetty:jetty-server-9.4.12.v20180830			0.21602	false
CVE-2019-10241	6.1	org.eclipse.jetty:jetty-util-9.4.12.v20180830	The default setting for dirAllowed is true making you vulnerable.	Turn off dirAllowed.	0.21602	false
CVE-2019-9512	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Relatively easy to trigger with a malicious client. Many exploits exist in the wild for this.		0.16257	false
CVE-2019-9511	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Trivially easy to exploit, many malicious tools can exploit this CVE effectively	Disable HTTP2 use on server and client	0.15262	false
CVE-2019-9515	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Trivially easy to exploit. Many malicious clients exists that can exploit this CVE.	Disable all HTTP2 use in server and client configurations	0.05767	false
CVE-2019-10247	5.3	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Information reveal impact all user of affected Jetty versions.	Do not use DefaultHandler, and make sure to remove it from the default Handler tree on Jetty.	0.05572	false
CVE-2018-12545	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Very easy to exploit. Many malicious tools exist to exploit this this vulnerability.	Disable use of HTTP2 on server and client	0.04755	false
CVE-2021-28165	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830			0.04692	false
CVE-2021-28165	7.5	org.eclipse.jetty:jetty-io-9.4.12.v20180830	If a user is running a vulnerable version, all an attacker needs to do is sent a single large TLS record which will result in 100 CPU usage.		0.04692	false
CVE-2019-9514	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Very easy to exploit, many malicious client tools exists for this vulnerability.	Disable HTTP2 use in server and client configurations	0.04545	false
CVE-2019-9518	7.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Relatively easy to trigger with HTTP2 and HTTP3		0.04521	false
CVE-2019-9516	6.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Very easy to exploit. Many malicious tools exist that can exploit this CVE	Disable use of HTTP2 on server and client	0.02564	false
CVE-2023-40167	5.3	org.eclipse.jetty:jetty-http-9.4.12.v20180830	Trivially easy to trigger, request smuggling likely scenario.		0.02542	false
CVE-2019-20444	9.1	io.netty:netty-all-4.0.44.Final	An attacker can easily result in smuggling by sending a request like the followingPOST HTTP1.1Host example.comContentlength41ContentType applicationxwwwformurlencodedTransferEncoding chunked0GET tmp HTTP1.1HostlocalhostGET HTTP1.1Hostlocalhost		0.02402	false
CVE-2019-16869	7.5	io.netty:netty-all-4.0.44.Final			0.01901	false
CVE-2022-25647	7.5	com.google.code.gson:gson-2.8.6			0.01666	false
CVE-2024-47561	9.8	org.apache.avro:avro-1.10.2			0.01594	false
CVE-2024-47561	9.8	org.apache.avro:avro-1.10.1			0.01594	false
CVE-2022-2048	7.5	org.eclipse.jetty:jetty-http-9.4.12.v20180830	While somewhat tricky to intentionally trigger, it is trivially easy to accidentally trigger, esp with mobile client connections.	Do not use HTTP2 on vulnerable versions	0.01411	false
CVE-2019-10246	5.3	org.eclipse.jetty:jetty-server-9.4.12.v20180830	All users of affected Jetty versions on Microsoft Windows are vulnerable		0.01235	false
CVE-2023-36478	7.5	org.eclipse.jetty:jetty-http-9.4.12.v20180830	Very tricky to trigger intentionally. No exploit is known for this vulnerability.		0.01086	false
CVE-2022-2047	2.7	org.eclipse.jetty:jetty-http-9.4.12.v20180830	Can be caused by a carefully crafted client request		0.00878	false
CVE-2022-45688	7.5	org.json:json-20211205			0.00705	false
CVE-2019-0205	7.5	org.apache.thrift:libthrift-0.9.2			0.00698	false
CVE-2020-7238	7.5	io.netty:netty-all-4.0.44.Final			0.00685	false
CVE-2018-11798	6.5	org.apache.thrift:libthrift-0.9.2			0.00629	false
CVE-2023-34462	6.5	io.netty:netty-handler-4.1.77.Final	Its relatively easy to trigger DoS and make the server suffer from unnecessarily high memory usage by leveraging this vulnerability.	You can fork the fixed SniHandler in newer Netty version instead of using the one provided by the old Netty version. Alternatively, you can simply disable SNI by removing SniHandler from your channel pipeline.	0.00563	false
CVE-2021-43045	7.5	org.apache.avro:avro-1.10.2			0.00561	false
CVE-2021-43045	7.5	org.apache.avro:avro-1.10.1			0.00561	false
CVE-2021-34428	3.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	An uncaught exception has to occur from user provided SessionListener to trigger.		0.00557	false
CVE-2022-38749	6.5	org.yaml:snakeyaml-1.29			0.00534	false
CVE-2022-38749	6.5	org.yaml:snakeyaml-1.26			0.00534	false
CVE-2022-38749	6.5	org.yaml:snakeyaml-1.30			0.00534	false
CVE-2023-5072	7.5	org.json:json-20211205			0.00525	false
CVE-2019-20445	9.1	io.netty:netty-all-4.0.44.Final			0.00434	false
CVE-2024-26308	5.5	org.apache.commons:commons-compress-1.21	If you unpack a file in the Pack200 format, and that file has been specially crafted or corrupted, the library will attempt to allocate more memory than is available.		0.00430	false
CVE-2023-46120	7.5	com.rabbitmq:amqp-client-5.16.0			0.00421	false
CVE-2023-6378	7.5	ch.qos.logback:logback-core-1.3.5	Assuming logbackreceiver is not reachable outside the network of the user, only malevolent users inside the local network may mount a successful attack.	Do not enable the logbackreceiver component.	0.00385	false
CVE-2023-6378	7.5	ch.qos.logback:logback-classic-1.3.5	Assuming logbackreceiver is not reachable outside the network of the user, only malevolent users inside the local network may mount a successful attack.	Do not enable the logbackreceiver component.	0.00385	false
CVE-2025-23015	8.8	org.apache.cassandra:cassandra-all-4.1.7			0.00372	false
CVE-2025-23015	8.8	org.apache.cassandra:cassandra-all-3.11.12			0.00372	false
CVE-2025-23015	8.8	org.apache.cassandra:cassandra-all-5.0.2			0.00372	false
CVE-2020-27218	4.8	org.eclipse.jetty:jetty-server-9.4.12.v20180830	If server handles andor produces an error during a GZIP handled HTTP exchange this vulnerability triggers.	Disable GzipHandler or always send Connection close header on all responses that use GZIP in request or response.	0.00352	false
CVE-2023-3635	7.5	com.squareup.okio:okio-2.8.0			0.00335	false
CVE-2023-3635	7.5	com.squareup.okio:okio-jvm-3.0.0			0.00335	false
CVE-2023-6481	7.5	ch.qos.logback:logback-core-1.3.5	Assuming logbackreceiver is not reachable outside the network of the user, only malevolent users inside the local network may mount a successful attack.	Assuming new softwarew deployment is possible, then there is no reason not to upgrade as 1.2.x, 1.3.x and 1.4.x series all have patched versions containing the appropriate fix. However, if new deploment is impossible, then disabling the logbackreceiver will prevent a successful attack.	0.00312	false
CVE-2023-6481	7.5	ch.qos.logback:logback-classic-1.3.5	Assuming logbackreceiver is not reachable outside the network of the user, only malevolent users inside the local network may mount a successful attack.	Assuming new softwarew deployment is possible, then there is no reason not to upgrade as 1.2.x, 1.3.x and 1.4.x series all have patched versions containing the appropriate fix. However, if new deploment is impossible, then disabling the logbackreceiver will prevent a successful attack.	0.00312	false
CVE-2022-25857	7.5	org.yaml:snakeyaml-1.29			0.00299	false
CVE-2022-25857	7.5	org.yaml:snakeyaml-1.26			0.00299	false
CVE-2022-25857	7.5	org.yaml:snakeyaml-1.30			0.00299	false
CVE-2023-33201	5.3	org.bouncycastle:bcprov-jdk15on-1.69			0.00289	false
CVE-2023-33201	5.3	org.bouncycastle:bcprov-ext-jdk15on-1.69			0.00289	false
CVE-2023-33201	5.3	org.bouncycastle:bcpkix-jdk15on-1.69			0.00289	false
CVE-2023-26049	5.3	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Trivially easy to exploit. Several malicious tools exists to exploit this vulnerability	No workaround	0.00263	false
CVE-2025-48924	6.5	commons-lang:commons-lang-2.6			0.00258	false
CVE-2025-48924	6.5	org.apache.commons:commons-lang3-3.1	An application or library would need to not only use the API or one of its call sites but also allow for very long inputs for a class name. Alternatively, if the app or library accepts input from the user or a configuration file, the app stack may be vulnerable.		0.00258	false
CVE-2025-48924	6.5	org.apache.commons:commons-lang3-3.11	An application or library would need to not only use the API or one of its call sites but also allow for very long inputs for a class name. Alternatively, if the app or library accepts input from the user or a configuration file, the app stack may be vulnerable.		0.00258	false
CVE-2025-48924	6.5	org.apache.commons:commons-lang3-3.13.0	An application or library would need to not only use the API or one of its call sites but also allow for very long inputs for a class name. Alternatively, if the app or library accepts input from the user or a configuration file, the app stack may be vulnerable.		0.00258	false
CVE-2025-48924	6.5	org.apache.commons:commons-lang3-3.14.0	An application or library would need to not only use the API or one of its call sites but also allow for very long inputs for a class name. Alternatively, if the app or library accepts input from the user or a configuration file, the app stack may be vulnerable.		0.00258	false
CVE-2025-1634	7.5	io.quarkus:quarkus-resteasy-3.15.3			0.00215	false
CVE-2024-47554	4.3	commons-io:commons-io-2.8.0	Either an application is using the class org.apache.commons.io.input.XmlStreamReader or it is not if the class is in use then attackers can craft malicious input to make the application vulnerable if that application accepts input to XmlStreamReader from the world at large. If an application can be relatively certain that its XmlStreamReader input can be trusted, the risk could be lowered from a vulnerability to a bug.	An application could mitigate this vulnerability by validating the input given to the class.	0.00213	false
CVE-2022-38752	6.5	org.yaml:snakeyaml-1.29			0.00209	false
CVE-2022-38752	6.5	org.yaml:snakeyaml-1.26			0.00209	false
CVE-2022-38752	6.5	org.yaml:snakeyaml-1.30			0.00209	false
CVE-2024-29857	7.5	org.bouncycastle:bcprov-jdk15on-1.69			0.00203	false
CVE-2024-12798	5.9	ch.qos.logback:logback-core-1.3.5	The vulnerability assumes that the attacker has the ability to modify configuration files or alternatively has the ability modify environment variables used in the targeted applications launch script. This requires a high level of existing privilege.	The attack is exploitable only if the Janino library is available on the class path of the application. If Janino is not on the classpath, then the vulnerability is not possible.	0.00186	false
CVE-2024-12798	5.9	ch.qos.logback:logback-core-1.2.13	The vulnerability assumes that the attacker has the ability to modify configuration files or alternatively has the ability modify environment variables used in the targeted applications launch script. This requires a high level of existing privilege.	The attack is exploitable only if the Janino library is available on the class path of the application. If Janino is not on the classpath, then the vulnerability is not possible.	0.00186	false
CVE-2022-42004	7.5	com.fasterxml.jackson.core:jackson-databind-2.13.2.1	Attacker will need to have high confidence that the feature is enabled and be familiar with the object structure of the Java class target it is not possible to generate general JSON document since target type varies by system.		0.00181	false
CVE-2022-38751	6.5	org.yaml:snakeyaml-1.29			0.00173	false
CVE-2022-38751	6.5	org.yaml:snakeyaml-1.26			0.00173	false
CVE-2022-38751	6.5	org.yaml:snakeyaml-1.30			0.00173	false
CVE-2024-53990	9.2	org.asynchttpclient:async-http-client-2.12.1			0.00170	false
CVE-2022-42003	7.5	com.fasterxml.jackson.core:jackson-databind-2.13.2.1	Attacker will need to have high confidence that the feature is enabled and be familiar with the object structure of the Java class target it is not possible to generate general JSON document since target type varies by system.		0.00169	false
CVE-2022-33684	8.1	org.apache.pulsar:pulsar-client-2.10.1			0.00166	false
CVE-2020-27216	7.0	org.eclipse.jetty:jetty-server-9.4.12.v20180830			0.00164	false
CVE-2025-24970	7.5	io.netty:netty-handler-4.1.115.Final	This is a critical vulnerability that can crash your application very easily, just by sending a crafted packet. Upgrade or workaround is highly recommended.	First option Disable native TLS support by removing the nettytcnative dependency or explicitly telling Netty not to use native TLS support. This may degrade your applications TLS performance.Second option Change the code fromSslContext context ...SslHandler handler context.newHandler....toSslContext context ...SSLEngine engine context.newEngine....SslHandler handler new SslHandlerengine, ....	0.00156	false
CVE-2024-30172	7.5	org.bouncycastle:bcprov-jdk15on-1.69			0.00136	false
CVE-2025-46392	2.7	commons-configuration:commons-configuration-1.10			0.00117	false
CVE-2025-25193	5.5	io.netty:netty-common-4.1.115.Final	This vulnerability can be triggered only when an attacker already has the write access to the filesystem. In addition, an attacker must create the offending file in the filesystem before the application is started. Therefore, Id say the risk is fairly low.		0.00113	false
CVE-2025-25193	5.5	io.netty:netty-common-4.1.77.Final	This vulnerability can be triggered only when an attacker already has the write access to the filesystem. In addition, an attacker must create the offending file in the filesystem before the application is started. Therefore, Id say the risk is fairly low.		0.00113	false
CVE-2024-8184	6.5	org.eclipse.jetty:jetty-server-9.4.12.v20180830	Do not use ThreadLimitHandler.Consider use of QoSHandler instead to artificially limit resource utilization.		0.00113	false
CVE-2018-1320	7.5	org.apache.thrift:libthrift-0.9.2			0.00112	false
CVE-2024-6763	3.7	org.eclipse.jetty:jetty-http-9.4.56.v20240826	If using the Jetty internal HttpURI as part of Jetty server and Jetty client you are not vulnerable.If using HttpURI in your application directly, then you are vulnerable if you use the results of HttpURI to apply filtering based on the given URI.		0.00090	false
CVE-2024-6763	3.7	org.eclipse.jetty:jetty-http-9.4.12.v20180830	If using the Jetty internal HttpURI as part of Jetty server and Jetty client you are not vulnerable.If using HttpURI in your application directly, then you are vulnerable if you use the results of HttpURI to apply filtering based on the given URI.		0.00090	false
CVE-2024-36114	8.6	io.airlift:aircompressor-0.20			0.00089	false
CVE-2022-38750	5.5	org.yaml:snakeyaml-1.29			0.00079	false
CVE-2022-38750	5.5	org.yaml:snakeyaml-1.26			0.00079	false
CVE-2022-38750	5.5	org.yaml:snakeyaml-1.30			0.00079	false
CVE-2025-24860	5.4	org.apache.cassandra:cassandra-all-4.1.7			0.00077	false
CVE-2025-24860	5.4	org.apache.cassandra:cassandra-all-5.0.2			0.00077	false
CVE-2022-41881	7.5	io.netty:netty-codec-haproxy-4.1.77.Final	The PROXY protocol is usually used between trusted parties, such as a load balancer e.g. AWS ELB and an application server. Its very likely that youre not affected by this vulnerability unless you use this procotol for communicating with untrusted parties.	Fork and use the fixed HaProxyMessageDecoder in Netty 4.1.86 or above rather than using whats shipped in an old Netty version.	0.00077	false
CVE-2022-41854	6.5	org.yaml:snakeyaml-1.29			0.00076	false
CVE-2022-41854	6.5	org.yaml:snakeyaml-1.26			0.00076	false
CVE-2022-41854	6.5	org.yaml:snakeyaml-1.30			0.00076	false
CVE-2025-52999	8.7	com.fasterxml.jackson.core:jackson-core-2.13.2	Vulnerability exposed for many reading cases but not all but depends on databinding level calls, definitions if Java target classes used less likely to be applicable for tree model JsonNode always applicable.		0.00072	false
CVE-2023-39410	7.5	org.apache.avro:avro-1.10.2			0.00061	false
CVE-2023-39410	7.5	org.apache.avro:avro-1.10.1			0.00061	false
CVE-2023-33202	5.5	org.bouncycastle:bcprov-jdk15on-1.69			0.00059	false
CVE-2023-33202	5.5	org.bouncycastle:bcprov-ext-jdk15on-1.69			0.00059	false
CVE-2024-23082		org.threeten:threetenbp-1.6.8			0.00057	false
CVE-2025-48734	8.8	commons-beanutils:commons-beanutils-1.9.4	An application or library can be vulnerable if it allows inputs or configurations from untrusted sources.		0.00056	false
CVE-2025-8916	6.3	org.bouncycastle:bcpkix-jdk15on-1.69			0.00055	false
CVE-2025-55163	8.2	io.netty:netty-codec-http2-4.1.115.Final	Although this vulnerability is legit, it is relatively hard to exploit this vulnerability to cause actual server instability, because modern hardware will not spend much resources to handle bogus RSTSTREAM frames.	A user can attach an Http2FrameListener implementation that disconnects a client that sends too many RSTSTREAM or any other invalid frames in a certain amount of time.	0.00055	false
CVE-2025-58056	8.2	io.netty:netty-codec-http-4.1.115.Final			0.00050	false
CVE-2025-58056	8.2	io.netty:netty-codec-http-4.1.77.Final			0.00050	false
CVE-2024-29025	5.3	io.netty:netty-codec-http-4.1.77.Final	HttpPostRequestDecoder is vulnerable to this issue regardless of whether it is used as intended or not.	If HttpPostRequestDecoder is NOT used for handling file uploads, a user could limit the length of an HTTP POST request body to a small value, which will effectively reduce the theoretically possible maximum number of form fields a request body can contain. However, this workaround might not be feasible if a user needs to handle file uploads, which may not be possible to limit the request both length.	0.00048	false
CVE-2024-12801	2.4	ch.qos.logback:logback-core-1.3.5	A successful attack requires that the attacker has write access to the logback.xml configuration file in use.		0.00048	false
CVE-2024-12801	2.4	ch.qos.logback:logback-core-1.2.13	A successful attack requires that the attacker has write access to the logback.xml configuration file in use.		0.00048	false
CVE-2024-30171	5.9	org.bouncycastle:bcprov-jdk15on-1.69			0.00045	false
CVE-2025-58057	6.9	io.netty:netty-codec-4.1.115.Final			0.00042	false
CVE-2025-58057	6.9	io.netty:netty-codec-4.1.77.Final			0.00042	false
CVE-2023-2976	7.1	com.google.guava:guava-24.1.1-jre			0.00042	false
CVE-2023-2976	7.1	com.google.guava:guava-31.0.1-jre			0.00042	false
CVE-2025-49574	6.4	io.quarkus:quarkus-vertx-3.15.3			0.00041	false
CVE-2024-13009	7.2	org.eclipse.jetty:jetty-server-9.4.12.v20180830	If using GzipHandler, it is not possible to avoid this vulnerability on impacted versions of Jetty.	Dont use an EOL version of Jetty.Dont use GzipHandler.	0.00040	false
CVE-2024-13009	7.2	org.eclipse.jetty:jetty-server-9.4.56.v20240826	If using GzipHandler, it is not possible to avoid this vulnerability on impacted versions of Jetty.	Dont use an EOL version of Jetty.Dont use GzipHandler.	0.00040	false
CVE-2023-0833	5.5	com.squareup.okhttp3:okhttp-4.8.1			0.00036	false
CVE-2024-27137	5.3	org.apache.cassandra:cassandra-all-4.1.7			0.00033	false
CVE-2024-27137	5.3	org.apache.cassandra:cassandra-all-5.0.2			0.00033	false
CVE-2025-27817	6.2	org.apache.kafka:kafka-clients-3.9.0			0.00031	false
CVE-2024-23081	3.3	org.threeten:threetenbp-1.6.8			0.00026	false
CVE-2024-47535	5.5	io.netty:netty-common-4.1.77.Final	An attacker must acquire the privilege to override the content of system files such as etcresolv.conf and procsys. Given such powerful superuserlevel privilege, I would imagine the attacker will not waste their time to trigger OOME using this vulnerability.		0.00021	false
CVE-2020-36843	4.3	net.i2p.crypto:eddsa-0.3.0			0.00016	false
CVE-2023-35116	4.7	com.fasterxml.jackson.core:jackson-databind-2.13.2.1			0.00015	false
CVE-2024-25710	5.5	org.apache.commons:commons-compress-1.21	If you read a DUMP file that is specially crafted or corrupted, the library will enter an infinite loop.		0.00012	false
CVE-2025-0736	5.5	org.infinispan:infinispan-core-15.0.8.Final			0.00010	false
CVE-2020-8908	3.3	com.google.guava:guava-24.1.1-jre			0.00009	false
CVE-2020-8908	3.3	com.google.guava:guava-31.0.1-jre			0.00009	false

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 06, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information