chore(findings): opensource/google/cadvisor

Summary

opensource/google/cadvisor has 536 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi8:8.7 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/google/cadvisor&tag=0.45.0&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2023-44487	Anchore CVE	High	stdlib-go1.17.13	0.94474	true
CVE-2023-44487	Twistlock CVE	Medium	google.golang.org/grpc-v1.33.2	0.94474	true
CVE-2023-44487	Twistlock CVE	Medium	google.golang.org/grpc/internal/transport-v1.33.2	0.94474	true
CVE-2023-2650	Anchore CVE	Medium	openssl-1:1.1.1k-14.el8_6	0.91970	false
CVE-2023-2650	Anchore CVE	Medium	openssl-libs-1:1.1.1k-14.el8_6	0.91970	false
CVE-2023-2650	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.91970	false
CVE-2023-45288	Anchore CVE	High	stdlib-go1.17.13	0.66635	false
CVE-2023-45288	Twistlock CVE	Medium	net/http-1.17.13	0.66635	false
CVE-2020-19188	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.07292	false
CVE-2020-19188	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.07292	false
CVE-2020-19188	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.07292	false
CVE-2024-7264	Twistlock CVE	Low	curl-7.61.1-34.el8_10.8	0.06460	false
CVE-2024-7264	Anchore CVE	Low	libcurl-7.61.1-34.el8_10.8	0.06460	false
CVE-2024-7264	Anchore CVE	Low	curl-7.61.1-34.el8_10.8	0.06460	false
CVE-2020-19187	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.04825	false
CVE-2020-19187	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.04825	false
CVE-2020-19187	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.04825	false
CVE-2020-19186	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.04825	false
CVE-2020-19186	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.04825	false
CVE-2020-19186	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.04825	false
CVE-2020-19185	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.04825	false
CVE-2020-19185	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.04825	false
CVE-2020-19185	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.04825	false
CVE-2020-19190	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.04818	false
CVE-2020-19190	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.04818	false
CVE-2020-19190	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.04818	false
CVE-2022-23990	Anchore CVE	Medium	expat-2.2.5-17.el8_10	0.04361	false
CVE-2022-23990	Twistlock CVE	Medium	expat-2.2.5-17.el8_10	0.04361	false
CVE-2024-33655	Anchore CVE	Low	unbound-libs-1.16.2-5.9.el8_10	0.03995	false
CVE-2024-33655	Anchore CVE	Low	python3-unbound-1.16.2-5.9.el8_10	0.03995	false
CVE-2024-33655	Twistlock CVE	Low	unbound-1.16.2-5.9.el8_10	0.03995	false
CVE-2024-21626	Twistlock CVE	High	github.com/opencontainers/runc/libcontainer/utils-v1.1.3	0.03956	false
CVE-2024-21626	Twistlock CVE	High	github.com/opencontainers/runc/libcontainer/cgroups-v1.1.3	0.03956	false
CVE-2024-21626	Twistlock CVE	High	github.com/opencontainers/runc/libcontainer-v1.1.3	0.03956	false
CVE-2024-56433	Anchore CVE	Low	shadow-utils-2:4.6-22.el8	0.03604	false
CVE-2019-9936	Anchore CVE	Low	sqlite-libs-3.26.0-20.el8_10	0.03424	false
CVE-2019-9936	Twistlock CVE	Low	sqlite-3.26.0-20.el8_10	0.03424	false
CVE-2019-9937	Anchore CVE	Low	sqlite-libs-3.26.0-20.el8_10	0.03159	false
CVE-2019-9937	Twistlock CVE	Low	sqlite-3.26.0-20.el8_10	0.03159	false
CVE-2023-28841	Twistlock CVE	Medium	github.com/docker/docker-v20.10.17	0.02852	false
CVE-2024-2511	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.02723	false
CVE-2024-2511	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.02723	false
CVE-2024-2511	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.02723	false
CVE-2020-19189	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.02546	false
CVE-2020-19189	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.02546	false
CVE-2020-19189	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.02546	false
CVE-2018-20225	Anchore CVE	Low	platform-python-pip-9.0.3-24.el8	0.02306	false
CVE-2018-20225	Anchore CVE	Low	python3-pip-wheel-9.0.3-24.el8	0.02306	false
CVE-2024-24787	Anchore CVE	Medium	stdlib-go1.17.13	0.02135	false
CVE-2018-1000880	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.01505	false
CVE-2018-1000880	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.01505	false
CVE-2024-24784	Anchore CVE	High	stdlib-go1.17.13	0.01498	false
CVE-2019-16866	Anchore CVE	Low	python3-unbound-1.16.2-5.9.el8_10	0.01248	false
CVE-2019-16866	Anchore CVE	Low	unbound-libs-1.16.2-5.9.el8_10	0.01248	false
CVE-2019-16866	Twistlock CVE	Low	unbound-1.16.2-5.9.el8_10	0.01248	false
CVE-2019-9674	Anchore CVE	Low	platform-python-3.6.8-71.el8_10	0.01239	false
CVE-2019-9674	Anchore CVE	Low	python3-libs-3.6.8-71.el8_10	0.01239	false
CVE-2019-9674	Twistlock CVE	Low	python3-3.6.8-71.el8_10	0.01239	false
CVE-2025-0938	Anchore CVE	Medium	python3-libs-3.6.8-71.el8_10	0.01154	false
CVE-2025-0938	Anchore CVE	Medium	platform-python-3.6.8-71.el8_10	0.01154	false
CVE-2025-0938	Twistlock CVE	Medium	python3-3.6.8-71.el8_10	0.01154	false
CVE-2018-1000879	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.01091	false
CVE-2018-1000879	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.01091	false
CVE-2020-21674	Anchore CVE	Medium	libarchive-3.3.3-6.el8_10	0.00915	false
CVE-2020-21674	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00915	false
CVE-2023-0464	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00857	false
CVE-2023-0464	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00857	false
CVE-2023-0464	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00857	false
CVE-2018-20839	Twistlock CVE	Medium	systemd-239-82.el8_10.8	0.00668	false
CVE-2018-20839	Anchore CVE	Medium	systemd-239-82.el8_10.8	0.00668	false
CVE-2018-20839	Anchore CVE	Medium	systemd-pam-239-82.el8_10.8	0.00668	false
CVE-2018-20839	Anchore CVE	Medium	systemd-libs-239-82.el8_10.8	0.00668	false
CVE-2023-0466	Anchore CVE	Medium	openssl-libs-1:1.1.1k-14.el8_6	0.00666	false
CVE-2023-0466	Anchore CVE	Medium	openssl-1:1.1.1k-14.el8_6	0.00666	false
CVE-2023-0466	Twistlock CVE	Medium	openssl-1:1.1.1k-14.el8_6	0.00666	false
CVE-2023-24538	Anchore CVE	Critical	stdlib-go1.17.13	0.00646	false
CVE-2023-24538	Twistlock CVE	Critical	html/template-1.17.13	0.00646	false
CVE-2024-24791	Anchore CVE	High	stdlib-go1.17.13	0.00635	false
CVE-2024-24791	Twistlock CVE	Low	net/http-1.17.13	0.00635	false
CVE-2023-28842	Twistlock CVE	Medium	github.com/docker/docker-v20.10.17	0.00617	false
CVE-2022-0235	Anchore CVE	Medium	python3-cloud-what-1.28.44-1.el8_10	0.00512	false
CVE-2022-0235	Anchore CVE	Medium	python3-subscription-manager-rhsm-1.28.44-1.el8_10	0.00512	false
CVE-2022-0235	Anchore CVE	Medium	subscription-manager-1.28.44-1.el8_10	0.00512	false
CVE-2022-0235	Anchore CVE	Medium	dnf-plugin-subscription-manager-1.28.44-1.el8_10	0.00512	false
CVE-2022-0235	Anchore CVE	Medium	python3-syspurpose-1.28.44-1.el8_10	0.00512	false
CVE-2022-0235	Twistlock CVE	Medium	subscription-manager-rhsm-certificates-20220623-1.el8	0.00512	false
CVE-2022-0235	Twistlock CVE	Medium	subscription-manager-1.28.44-1.el8_10	0.00512	false
CVE-2023-43804	Twistlock CVE	Medium	python-pip-9.0.3-24.el8	0.00472	false
CVE-2023-43804	Anchore CVE	Medium	platform-python-pip-9.0.3-24.el8	0.00472	false
CVE-2023-43804	Anchore CVE	Medium	python3-pip-wheel-9.0.3-24.el8	0.00472	false
CVE-2024-41996	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00446	false
CVE-2024-41996	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00446	false
CVE-2024-41996	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00446	false
CVE-2024-24783	Anchore CVE	Medium	stdlib-go1.17.13	0.00445	false
CVE-2024-24783	Twistlock CVE	Low	crypto/x509-1.17.13	0.00445	false
CVE-2022-41717	Anchore CVE	Medium	stdlib-go1.17.13	0.00441	false
CVE-2022-41717	Twistlock CVE	Medium	net/http-1.17.13	0.00441	false
CVE-2023-28840	Twistlock CVE	High	github.com/docker/docker-v20.10.17	0.00437	false
CVE-2023-45289	Anchore CVE	Medium	stdlib-go1.17.13	0.00409	false
CVE-2023-45289	Twistlock CVE	Low	net/http-1.17.13	0.00409	false
CVE-2019-9923	Anchore CVE	Low	tar-2:1.30-11.el8_10	0.00408	false
CVE-2019-9923	Twistlock CVE	Low	tar-2:1.30-11.el8_10	0.00408	false
CVE-2018-19217	Anchore CVE	Medium	ncurses-libs-6.1-10.20180224.el8	0.00404	false
CVE-2018-19217	Anchore CVE	Medium	ncurses-base-6.1-10.20180224.el8	0.00404	false
CVE-2024-34459	Anchore CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00390	false
CVE-2024-34459	Anchore CVE	Low	python3-libxml2-2.9.7-21.el8_10.3	0.00390	false
CVE-2024-34459	Twistlock CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00390	false
CVE-2024-7592	Anchore CVE	Low	platform-python-3.6.8-71.el8_10	0.00387	false
CVE-2024-7592	Anchore CVE	Low	python3-libs-3.6.8-71.el8_10	0.00387	false
CVE-2024-7592	Twistlock CVE	Low	python3-3.6.8-71.el8_10	0.00387	false
CVE-2023-0465	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00387	false
CVE-2023-0465	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00387	false
CVE-2023-0465	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00387	false
CVE-2025-1153	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00375	false
CVE-2025-1153	Twistlock CVE	Low	gdb-8.2-20.el8	0.00375	false
CVE-2021-39537	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.00366	false
CVE-2021-39537	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.00366	false
CVE-2021-39537	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.00366	false
CVE-2023-24531	Anchore CVE	Critical	stdlib-go1.17.13	0.00354	false
CVE-2024-11053	Twistlock CVE	Low	curl-7.61.1-34.el8_10.8	0.00337	false
CVE-2024-11053	Anchore CVE	Low	libcurl-7.61.1-34.el8_10.8	0.00337	false
CVE-2024-11053	Anchore CVE	Low	curl-7.61.1-34.el8_10.8	0.00337	false
CVE-2023-45290	Anchore CVE	Medium	stdlib-go1.17.13	0.00327	false
CVE-2023-45290	Twistlock CVE	Low	net/textproto-1.17.13	0.00327	false
CVE-2023-29405	Anchore CVE	Critical	stdlib-go1.17.13	0.00326	false
CVE-2021-4209	Twistlock CVE	Low	gnutls-3.6.16-8.el8_10.4	0.00299	false
CVE-2021-4209	Anchore CVE	Low	gnutls-3.6.16-8.el8_10.4	0.00299	false
CVE-2022-21698	Twistlock CVE	High	github.com/prometheus/client_golang/prometheus/promhttp-v1.8.0	0.00279	false
CVE-2018-19211	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.00278	false
CVE-2018-19211	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.00278	false
CVE-2018-19211	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.00278	false
CVE-2024-36623	Anchore CVE	High	github.com/docker/docker-v20.10.17+incompatible	0.00274	false
CVE-2024-34156	Anchore CVE	High	stdlib-go1.17.13	0.00268	false
CVE-2019-19244	Anchore CVE	Low	sqlite-libs-3.26.0-20.el8_10	0.00256	false
CVE-2019-19244	Twistlock CVE	Low	sqlite-3.26.0-20.el8_10	0.00256	false
CVE-2019-14250	Anchore CVE	Low	libgcc-8.5.0-28.el8_10	0.00254	false
CVE-2019-14250	Anchore CVE	Low	libstdc++-8.5.0-28.el8_10	0.00254	false
CVE-2019-14250	Twistlock CVE	Low	gcc-8.5.0-28.el8_10	0.00254	false
CVE-2024-24785	Anchore CVE	Medium	stdlib-go1.17.13	0.00246	false
CVE-2024-24785	Twistlock CVE	Low	html/template-1.17.13	0.00246	false
CVE-2023-24540	Anchore CVE	Critical	stdlib-go1.17.13	0.00243	false
CVE-2023-24540	Twistlock CVE	Critical	html/template-1.17.13	0.00243	false
CVE-2025-1795	Anchore CVE	Low	platform-python-3.6.8-71.el8_10	0.00236	false
CVE-2025-1795	Anchore CVE	Low	python3-libs-3.6.8-71.el8_10	0.00236	false
CVE-2025-1795	Twistlock CVE	Low	python3-3.6.8-71.el8_10	0.00236	false
CVE-2023-29406	Anchore CVE	Medium	stdlib-go1.17.13	0.00230	false
CVE-2023-29406	Twistlock CVE	Medium	net/http-1.17.13	0.00230	false
CVE-2022-41723	Anchore CVE	High	stdlib-go1.17.13	0.00229	false
CVE-2022-41723	Twistlock CVE	High	net/http-1.17.13	0.00229	false
CVE-2024-0397	Anchore CVE	Low	python3-libs-3.6.8-71.el8_10	0.00226	false
CVE-2024-0397	Anchore CVE	Low	platform-python-3.6.8-71.el8_10	0.00226	false
CVE-2024-0397	Twistlock CVE	Low	python3-3.6.8-71.el8_10	0.00226	false
CVE-2024-0727	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00224	false
CVE-2024-0727	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00224	false
CVE-2024-0727	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00224	false
CVE-2024-2236	Anchore CVE	Medium	libgcrypt-1.8.5-7.el8_6	0.00222	false
CVE-2024-2236	Twistlock CVE	Medium	libgcrypt-1.8.5-7.el8_6	0.00222	false
CVE-2024-36621	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	0.00220	false
CVE-2022-4899	Twistlock CVE	Medium	zstd-1.4.4-1.el8	0.00205	false
CVE-2019-12904	Anchore CVE	Medium	libgcrypt-1.8.5-7.el8_6	0.00191	false
CVE-2023-45287	Anchore CVE	High	stdlib-go1.17.13	0.00185	false
CVE-2023-45287	Twistlock CVE	High	crypto/tls-1.17.13	0.00185	false
CVE-2023-27534	Twistlock CVE	Low	curl-7.61.1-34.el8_10.8	0.00176	false
CVE-2023-27534	Anchore CVE	Low	curl-7.61.1-34.el8_10.8	0.00176	false
CVE-2023-27534	Anchore CVE	Low	libcurl-7.61.1-34.el8_10.8	0.00176	false
CVE-2018-20657	Anchore CVE	Low	libgcc-8.5.0-28.el8_10	0.00171	false
CVE-2018-20657	Anchore CVE	Low	libstdc++-8.5.0-28.el8_10	0.00171	false
CVE-2018-20657	Twistlock CVE	Low	gcc-8.5.0-28.el8_10	0.00171	false
CVE-2024-8088	Twistlock CVE	Medium	python3-3.6.8-71.el8_10	0.00166	false
CVE-2024-8088	Anchore CVE	Medium	platform-python-3.6.8-71.el8_10	0.00166	false
CVE-2024-8088	Anchore CVE	Medium	python3-libs-3.6.8-71.el8_10	0.00166	false
CVE-2023-32636	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00165	false
CVE-2023-32636	Anchore CVE	Low	glib2-2.56.4-167.el8_10	0.00165	false
CVE-2023-39325	Twistlock CVE	High	net/http-1.17.13	0.00163	false
CVE-2024-45338	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	0.00157	false
CVE-2025-1632	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.00156	false
CVE-2025-1632	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00156	false
CVE-2024-4741	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00154	false
CVE-2024-4741	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00154	false
CVE-2024-4741	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00154	false
CVE-2024-34158	Anchore CVE	High	stdlib-go1.17.13	0.00147	false
CVE-2024-37891	Twistlock CVE	Medium	python-pip-9.0.3-24.el8	0.00142	false
CVE-2024-37891	Anchore CVE	Medium	python3-pip-wheel-9.0.3-24.el8	0.00142	false
CVE-2024-37891	Anchore CVE	Medium	platform-python-pip-9.0.3-24.el8	0.00142	false
CVE-2022-27664	Anchore CVE	High	stdlib-go1.17.13	0.00134	false
CVE-2022-27664	Twistlock CVE	High	net/http-1.17.13	0.00134	false
CVE-2023-29402	Anchore CVE	Critical	stdlib-go1.17.13	0.00124	false
CVE-2020-12413	Anchore CVE	Low	nss-util-3.112.0-4.el8_10	0.00120	false
CVE-2020-12413	Anchore CVE	Low	nss-sysinit-3.112.0-4.el8_10	0.00120	false
CVE-2020-12413	Anchore CVE	Low	nss-3.112.0-4.el8_10	0.00120	false
CVE-2020-12413	Anchore CVE	Low	nss-softokn-3.112.0-4.el8_10	0.00120	false
CVE-2020-12413	Anchore CVE	Low	nss-softokn-freebl-3.112.0-4.el8_10	0.00120	false
CVE-2020-12413	Twistlock CVE	Low	nss-3.112.0-4.el8_10	0.00120	false
CVE-2018-1000654	Anchore CVE	Low	libtasn1-4.13-5.el8_10	0.00120	false
CVE-2018-1000654	Twistlock CVE	Low	libtasn1-4.13-5.el8_10	0.00120	false
CVE-2023-27561	Twistlock CVE	High	github.com/opencontainers/runc-v1.1.3	0.00119	false
CVE-2024-13176	Anchore CVE	Low	openssl-libs-1:1.1.1k-14.el8_6	0.00118	false
CVE-2024-13176	Anchore CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00118	false
CVE-2024-13176	Twistlock CVE	Low	openssl-1:1.1.1k-14.el8_6	0.00118	false
CVE-2025-6069	Anchore CVE	Medium	platform-python-3.6.8-71.el8_10	0.00116	false
CVE-2025-6069	Anchore CVE	Medium	python3-libs-3.6.8-71.el8_10	0.00116	false
CVE-2025-6069	Twistlock CVE	Medium	python3-3.6.8-71.el8_10	0.00116	false
CVE-2025-1152	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00113	false
CVE-2025-1152	Twistlock CVE	Low	gdb-8.2-20.el8	0.00113	false
CVE-2025-1150	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00113	false
CVE-2025-1150	Twistlock CVE	Low	gdb-8.2-20.el8	0.00113	false
CVE-2023-29409	Anchore CVE	Medium	stdlib-go1.17.13	0.00112	false
CVE-2023-29409	Twistlock CVE	Medium	crypto/tls-1.17.13	0.00112	false
CVE-2023-29499	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00111	false
CVE-2023-29499	Anchore CVE	Low	glib2-2.56.4-167.el8_10	0.00111	false
CVE-2020-28852	Anchore CVE	High	golang.org/x/text-v0.3.3	0.00107	false
CVE-2025-1151	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00104	false
CVE-2025-1151	Twistlock CVE	Low	gdb-8.2-20.el8	0.00104	false
CVE-2019-8905	Twistlock CVE	Medium	file-5.33-27.el8_10	0.00102	false
CVE-2019-8905	Anchore CVE	Medium	file-libs-5.33-27.el8_10	0.00102	false
CVE-2021-20193	Anchore CVE	Medium	tar-2:1.30-11.el8_10	0.00100	false
CVE-2021-20193	Twistlock CVE	Low	tar-2:1.30-11.el8_10	0.00100	false
CVE-2025-7039	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00089	false
CVE-2023-39319	Anchore CVE	Medium	stdlib-go1.17.13	0.00085	false
CVE-2023-39319	Twistlock CVE	Medium	html/template-1.17.13	0.00085	false
CVE-2023-39318	Anchore CVE	Medium	stdlib-go1.17.13	0.00085	false
CVE-2023-39318	Twistlock CVE	Medium	html/template-1.17.13	0.00085	false
CVE-2023-29404	Anchore CVE	Critical	stdlib-go1.17.13	0.00083	false
CVE-2019-8906	Twistlock CVE	Low	file-5.33-27.el8_10	0.00081	false
CVE-2019-8906	Anchore CVE	Low	file-libs-5.33-27.el8_10	0.00081	false
CVE-2025-9086	Twistlock CVE	Medium	curl-7.61.1-34.el8_10.8	0.00077	false
CVE-2025-9086	Anchore CVE	Medium	libcurl-7.61.1-34.el8_10.8	0.00077	false
CVE-2025-9086	Anchore CVE	Medium	curl-7.61.1-34.el8_10.8	0.00077	false
CVE-2023-45322	Anchore CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00076	false
CVE-2023-45322	Anchore CVE	Low	python3-libxml2-2.9.7-21.el8_10.3	0.00076	false
CVE-2025-59375	Anchore CVE	High	expat-2.2.5-17.el8_10	0.00075	false
CVE-2025-59375	Twistlock CVE	High	expat-2.2.5-17.el8_10	0.00075	false
CVE-2025-8291	Anchore CVE	Medium	platform-python-3.6.8-71.el8_10	0.00073	false
CVE-2025-8291	Anchore CVE	Medium	python3-libs-3.6.8-71.el8_10	0.00073	false
CVE-2025-8291	Twistlock CVE	Medium	python3-3.6.8-71.el8_10	0.00073	false
CVE-2024-34155	Anchore CVE	Medium	stdlib-go1.17.13	0.00073	false
CVE-2024-24790	Anchore CVE	Critical	stdlib-go1.17.13	0.00070	false
CVE-2023-39804	Anchore CVE	Low	tar-2:1.30-11.el8_10	0.00067	false
CVE-2023-39804	Twistlock CVE	Low	tar-2:1.30-11.el8_10	0.00067	false
CVE-2023-24536	Anchore CVE	High	stdlib-go1.17.13	0.00066	false
CVE-2023-24536	Twistlock CVE	High	net/textproto-1.17.13	0.00066	false
CVE-2023-24536	Twistlock CVE	High	mime/multipart-1.17.13	0.00066	false
CVE-2023-24539	Anchore CVE	High	stdlib-go1.17.13	0.00065	false
CVE-2023-24539	Twistlock CVE	High	html/template-1.17.13	0.00065	false
CVE-2021-24032	Anchore CVE	Low	libzstd-1.4.4-1.el8	0.00062	false
CVE-2021-24032	Twistlock CVE	Low	zstd-1.4.4-1.el8	0.00062	false
CVE-2025-3360	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00061	false
CVE-2025-3360	Anchore CVE	Low	glib2-2.56.4-167.el8_10	0.00061	false
CVE-2022-41409	Anchore CVE	Low	pcre2-10.32-3.el8_6	0.00061	false
CVE-2022-41409	Twistlock CVE	Low	pcre2-10.32-3.el8_6	0.00061	false
CVE-2023-39323	Anchore CVE	High	stdlib-go1.17.13	0.00060	false
CVE-2025-27113	Anchore CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00059	false
CVE-2025-27113	Anchore CVE	Low	python3-libxml2-2.9.7-21.el8_10.3	0.00059	false
CVE-2025-27113	Twistlock CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00059	false
CVE-2025-5987	Twistlock CVE	Medium	libssh-0.9.6-15.el8_10	0.00058	false
CVE-2025-5987	Anchore CVE	Medium	libssh-0.9.6-15.el8_10	0.00058	false
CVE-2025-5987	Anchore CVE	Medium	libssh-config-0.9.6-15.el8_10	0.00058	false
CVE-2024-43168	Anchore CVE	Low	unbound-libs-1.16.2-5.9.el8_10	0.00057	false
CVE-2024-43168	Anchore CVE	Low	python3-unbound-1.16.2-5.9.el8_10	0.00057	false
CVE-2024-43168	Twistlock CVE	Low	unbound-1.16.2-5.9.el8_10	0.00057	false
CVE-2025-5372	Twistlock CVE	Medium	libssh-0.9.6-15.el8_10	0.00056	false
CVE-2025-5372	Anchore CVE	Medium	libssh-config-0.9.6-15.el8_10	0.00056	false
CVE-2025-5372	Anchore CVE	Medium	libssh-0.9.6-15.el8_10	0.00056	false
CVE-2024-45336	Anchore CVE	Medium	stdlib-go1.17.13	0.00055	false
CVE-2024-45336	Twistlock CVE	Low	net/http-1.17.13	0.00055	false
CVE-2023-45803	Twistlock CVE	Medium	python-pip-9.0.3-24.el8	0.00055	false
CVE-2023-45803	Anchore CVE	Medium	python3-pip-wheel-9.0.3-24.el8	0.00055	false
CVE-2023-45803	Anchore CVE	Medium	platform-python-pip-9.0.3-24.el8	0.00055	false
CVE-2023-45285	Anchore CVE	High	stdlib-go1.17.13	0.00055	false
CVE-2023-32665	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00055	false
CVE-2023-32665	Anchore CVE	Low	glib2-2.56.4-167.el8_10	0.00055	false
CVE-2025-4598	Twistlock CVE	Medium	systemd-239-82.el8_10.8	0.00053	false
CVE-2025-4598	Anchore CVE	Medium	systemd-libs-239-82.el8_10.8	0.00053	false
CVE-2025-4598	Anchore CVE	Medium	systemd-239-82.el8_10.8	0.00053	false
CVE-2025-4598	Anchore CVE	Medium	systemd-pam-239-82.el8_10.8	0.00053	false
CVE-2022-41725	Anchore CVE	High	stdlib-go1.17.13	0.00051	false
CVE-2022-41725	Twistlock CVE	High	mime/multipart-1.17.13	0.00051	false
CVE-2025-8277	Twistlock CVE	Low	libssh-0.9.6-15.el8_10	0.00050	false
CVE-2025-8277	Anchore CVE	Low	libssh-config-0.9.6-15.el8_10	0.00050	false
CVE-2025-8277	Anchore CVE	Low	libssh-0.9.6-15.el8_10	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-softokn-freebl-3.112.0-4.el8_10	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-softokn-3.112.0-4.el8_10	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-3.112.0-4.el8_10	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-sysinit-3.112.0-4.el8_10	0.00050	false
CVE-2024-7531	Anchore CVE	Low	nss-util-3.112.0-4.el8_10	0.00050	false
CVE-2024-7531	Twistlock CVE	Low	nss-3.112.0-4.el8_10	0.00050	false
CVE-2023-50495	Anchore CVE	Low	ncurses-libs-6.1-10.20180224.el8	0.00050	false
CVE-2023-50495	Anchore CVE	Low	ncurses-base-6.1-10.20180224.el8	0.00050	false
CVE-2023-50495	Twistlock CVE	Low	ncurses-6.1-10.20180224.el8	0.00050	false
CVE-2022-27943	Anchore CVE	Low	libstdc++-8.5.0-28.el8_10	0.00050	false
CVE-2022-27943	Anchore CVE	Low	libgcc-8.5.0-28.el8_10	0.00050	false
CVE-2022-27943	Twistlock CVE	Low	gcc-8.5.0-28.el8_10	0.00050	false
CVE-2025-45582	Anchore CVE	Medium	tar-2:1.30-11.el8_10	0.00049	false
CVE-2025-45582	Twistlock CVE	Medium	tar-2:1.30-11.el8_10	0.00049	false
CVE-2023-39326	Anchore CVE	Medium	stdlib-go1.17.13	0.00048	false
CVE-2023-39326	Twistlock CVE	Medium	net/http/internal-1.17.13	0.00048	false
CVE-2023-29400	Anchore CVE	High	stdlib-go1.17.13	0.00048	false
CVE-2023-29400	Twistlock CVE	High	html/template-1.17.13	0.00048	false
CVE-2023-24534	Anchore CVE	High	stdlib-go1.17.13	0.00045	false
CVE-2023-24534	Twistlock CVE	High	net/textproto-1.17.13	0.00045	false
CVE-2025-5351	Twistlock CVE	Medium	libssh-0.9.6-15.el8_10	0.00039	false
CVE-2025-5351	Anchore CVE	Medium	libssh-config-0.9.6-15.el8_10	0.00039	false
CVE-2025-5351	Anchore CVE	Medium	libssh-0.9.6-15.el8_10	0.00039	false
CVE-2024-45341	Anchore CVE	Medium	stdlib-go1.17.13	0.00039	false
CVE-2024-45341	Twistlock CVE	Low	crypto/x509-1.17.13	0.00039	false
CVE-2013-0340	Anchore CVE	Medium	expat-2.2.5-17.el8_10	0.00037	false
CVE-2025-5915	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.00035	false
CVE-2025-5915	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00035	false
CVE-2024-43167	Anchore CVE	Low	unbound-libs-1.16.2-5.9.el8_10	0.00034	false
CVE-2024-43167	Anchore CVE	Low	python3-unbound-1.16.2-5.9.el8_10	0.00034	false
CVE-2024-43167	Twistlock CVE	Low	unbound-1.16.2-5.9.el8_10	0.00034	false
CVE-2023-32611	Twistlock CVE	Low	glib2-2.56.4-167.el8_10	0.00034	false
CVE-2023-32611	Anchore CVE	Low	glib2-2.56.4-167.el8_10	0.00034	false
CVE-2023-25809	Twistlock CVE	Low	github.com/opencontainers/runc-v1.1.3	0.00033	false
CVE-2025-5916	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.00031	false
CVE-2025-5916	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00031	false
CVE-2023-4156	Anchore CVE	Low	gawk-4.2.1-4.el8	0.00031	false
CVE-2023-4156	Twistlock CVE	Low	gawk-4.2.1-4.el8	0.00031	false
CVE-2025-6170	Anchore CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00029	false
CVE-2025-6170	Anchore CVE	Low	python3-libxml2-2.9.7-21.el8_10.3	0.00029	false
CVE-2025-6170	Twistlock CVE	Low	libxml2-2.9.7-21.el8_10.3	0.00029	false
CVE-2022-36109	Twistlock CVE	Medium	github.com/docker/docker-v20.10.17	0.00027	false
CVE-2022-2880	Anchore CVE	High	stdlib-go1.17.13	0.00027	false
CVE-2022-2880	Twistlock CVE	High	net/http/httputil-1.17.13	0.00027	false
CVE-2025-5917	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.00026	false
CVE-2025-5917	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00026	false
CVE-2025-5245	Anchore CVE	Medium	gdb-gdbserver-8.2-20.el8	0.00026	false
CVE-2025-5245	Twistlock CVE	Medium	gdb-8.2-20.el8	0.00026	false
CVE-2024-57360	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00026	false
CVE-2024-57360	Twistlock CVE	Low	gdb-8.2-20.el8	0.00026	false
CVE-2025-9714	Anchore CVE	Medium	libxml2-2.9.7-21.el8_10.3	0.00025	false
CVE-2025-9714	Anchore CVE	Medium	python3-libxml2-2.9.7-21.el8_10.3	0.00025	false
CVE-2025-9714	Twistlock CVE	Medium	libxml2-2.9.7-21.el8_10.3	0.00025	false
CVE-2025-5918	Anchore CVE	Low	libarchive-3.3.3-6.el8_10	0.00025	false
CVE-2025-5918	Twistlock CVE	Low	libarchive-3.3.3-6.el8_10	0.00025	false
CVE-2025-5278	Anchore CVE	Medium	coreutils-single-8.30-15.el8	0.00025	false
CVE-2025-5278	Twistlock CVE	Medium	coreutils-8.30-15.el8	0.00025	false
CVE-2025-47906	Twistlock CVE	Low	os/exec-1.17.13	0.00024	false
CVE-2025-47906	Anchore CVE	Medium	stdlib-go1.17.13	0.00024	false
CVE-2023-24532	Anchore CVE	Medium	stdlib-go1.17.13	0.00024	false
CVE-2025-50181	Anchore CVE	Medium	platform-python-pip-9.0.3-24.el8	0.00023	false
CVE-2025-50181	Anchore CVE	Medium	python3-pip-wheel-9.0.3-24.el8	0.00023	false
CVE-2025-50181	Twistlock CVE	Medium	python-pip-9.0.3-24.el8	0.00023	false
CVE-2025-50181	Twistlock CVE	Medium	python-urllib3-1.24.2-8.el8_10	0.00023	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.17.13	0.00023	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.17.13	0.00023	false
CVE-2025-30258	Anchore CVE	Low	gnupg2-2.2.20-3.el8_6	0.00022	false
CVE-2025-30258	Twistlock CVE	Low	gnupg2-2.2.20-3.el8_6	0.00022	false
CVE-2023-45284	Twistlock CVE	Medium	path/filepath-1.17.13	0.00022	false
CVE-2024-45310	Twistlock CVE	Medium	github.com/opencontainers/runc-v1.1.3	0.00021	false
CVE-2025-11495	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11495	Twistlock CVE	Low	gdb-8.2-20.el8	0.00020	false
CVE-2025-11494	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11494	Twistlock CVE	Low	gdb-8.2-20.el8	0.00020	false
CVE-2025-11414	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11414	Twistlock CVE	Low	gdb-8.2-20.el8	0.00020	false
CVE-2025-11413	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11413	Twistlock CVE	Low	gdb-8.2-20.el8	0.00020	false
CVE-2025-11412	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11412	Twistlock CVE	Low	gdb-8.2-20.el8	0.00020	false
CVE-2025-11083	Twistlock CVE	Medium	gdb-8.2-20.el8	0.00020	false
CVE-2025-11083	Anchore CVE	Medium	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2025-11081	Twistlock CVE	Medium	gdb-8.2-20.el8	0.00020	false
CVE-2025-11081	Anchore CVE	Medium	gdb-gdbserver-8.2-20.el8	0.00020	false
CVE-2021-3997	Twistlock CVE	Low	systemd-239-82.el8_10.8	0.00020	false
CVE-2021-3997	Anchore CVE	Medium	systemd-239-82.el8_10.8	0.00020	false
CVE-2021-3997	Anchore CVE	Medium	systemd-libs-239-82.el8_10.8	0.00020	false
CVE-2021-3997	Anchore CVE	Medium	systemd-pam-239-82.el8_10.8	0.00020	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.17.13	0.00019	false
CVE-2023-52426	Twistlock CVE	Medium	expat-2.2.5-17.el8_10	0.00019	false
CVE-2023-52426	Anchore CVE	Medium	expat-2.2.5-17.el8_10	0.00019	false
CVE-2021-33294	Anchore CVE	Medium	elfutils-libs-0.190-2.el8	0.00019	false
CVE-2021-33294	Anchore CVE	Medium	elfutils-libelf-0.190-2.el8	0.00019	false
CVE-2021-33294	Anchore CVE	Medium	elfutils-default-yama-scope-0.190-2.el8	0.00019	false
CVE-2021-33294	Anchore CVE	Medium	elfutils-debuginfod-client-0.190-2.el8	0.00019	false
CVE-2021-33294	Twistlock CVE	Medium	elfutils-0.190-2.el8	0.00019	false
CVE-2025-8869	Twistlock CVE	Medium	pip-9.0.3	0.00018	false
CVE-2025-8114	Twistlock CVE	Medium	libssh-0.9.6-15.el8_10	0.00018	false
CVE-2025-8114	Anchore CVE	Medium	libssh-config-0.9.6-15.el8_10	0.00018	false
CVE-2025-8114	Anchore CVE	Medium	libssh-0.9.6-15.el8_10	0.00018	false
CVE-2025-4878	Twistlock CVE	Low	libssh-0.9.6-15.el8_10	0.00018	false
CVE-2025-4878	Anchore CVE	Low	libssh-config-0.9.6-15.el8_10	0.00018	false
CVE-2025-4878	Anchore CVE	Low	libssh-0.9.6-15.el8_10	0.00018	false
CVE-2025-25724	Anchore CVE	Medium	libarchive-3.3.3-6.el8_10	0.00018	false
CVE-2025-25724	Twistlock CVE	Medium	libarchive-3.3.3-6.el8_10	0.00018	false
CVE-2024-0232	Anchore CVE	Low	sqlite-libs-3.26.0-20.el8_10	0.00018	false
CVE-2024-0232	Twistlock CVE	Low	sqlite-3.26.0-20.el8_10	0.00018	false
CVE-2020-35512	Anchore CVE	Low	dbus-libs-1:1.12.8-27.el8_10	0.00017	false
CVE-2020-35512	Anchore CVE	Low	dbus-common-1:1.12.8-27.el8_10	0.00017	false
CVE-2020-35512	Anchore CVE	Low	dbus-1:1.12.8-27.el8_10	0.00017	false
CVE-2020-35512	Anchore CVE	Low	dbus-tools-1:1.12.8-27.el8_10	0.00017	false
CVE-2020-35512	Anchore CVE	Low	dbus-daemon-1:1.12.8-27.el8_10	0.00017	false
CVE-2020-35512	Twistlock CVE	Low	dbus-1:1.12.8-27.el8_10	0.00017	false
CVE-2025-3198	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00016	false
CVE-2025-3198	Twistlock CVE	Low	gdb-8.2-20.el8	0.00016	false
CVE-2022-41724	Anchore CVE	High	stdlib-go1.17.13	0.00016	false
CVE-2022-41724	Twistlock CVE	High	crypto/tls-1.17.13	0.00016	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.17.13	0.00015	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.17.13	0.00015	false
CVE-2025-50182	Anchore CVE	Medium	platform-python-pip-9.0.3-24.el8	0.00014	false
CVE-2025-50182	Anchore CVE	Medium	python3-pip-wheel-9.0.3-24.el8	0.00014	false
CVE-2025-50182	Twistlock CVE	Medium	python-pip-9.0.3-24.el8	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-debuginfod-client-0.190-2.el8	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-default-yama-scope-0.190-2.el8	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libelf-0.190-2.el8	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libs-0.190-2.el8	0.00014	false
CVE-2024-25260	Twistlock CVE	Low	elfutils-0.190-2.el8	0.00014	false
CVE-2022-41715	Anchore CVE	High	stdlib-go1.17.13	0.00014	false
CVE-2022-41715	Twistlock CVE	High	regexp/syntax-1.17.13	0.00014	false
CVE-2022-2879	Anchore CVE	High	stdlib-go1.17.13	0.00014	false
CVE-2025-4516	Anchore CVE	Medium	python3-libs-3.6.8-71.el8_10	0.00013	false
CVE-2025-4516	Anchore CVE	Medium	platform-python-3.6.8-71.el8_10	0.00013	false
CVE-2025-4516	Twistlock CVE	Medium	python3-3.6.8-71.el8_10	0.00013	false
CVE-2025-22866	Anchore CVE	Medium	stdlib-go1.17.13	0.00013	false
CVE-2025-11840	Twistlock CVE	Low	gdb-8.2-20.el8	0.00013	false
CVE-2025-11840	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00013	false
CVE-2025-11839	Twistlock CVE	Low	gdb-8.2-20.el8	0.00013	false
CVE-2025-11839	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00013	false
CVE-2024-57970	Anchore CVE	Medium	libarchive-3.3.3-6.el8_10	0.00013	false
CVE-2024-57970	Twistlock CVE	Medium	libarchive-3.3.3-6.el8_10	0.00013	false
CVE-2023-24537	Anchore CVE	High	stdlib-go1.17.13	0.00013	false
CVE-2022-3219	Anchore CVE	Low	gnupg2-2.2.20-3.el8_6	0.00012	false
CVE-2023-28642	Twistlock CVE	Medium	github.com/opencontainers/runc-v1.1.3	0.00011	false
CVE-2023-29403	Anchore CVE	High	stdlib-go1.17.13	0.00009	false
CVE-2023-29403	Twistlock CVE	High	runtime-1.17.13	0.00009	false
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00009	false
CVE-2022-47011	Twistlock CVE	Low	gdb-8.2-20.el8	0.00009	false
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00009	false
CVE-2022-47010	Twistlock CVE	Low	gdb-8.2-20.el8	0.00009	false
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	0.00009	false
CVE-2022-47007	Twistlock CVE	Low	gdb-8.2-20.el8	0.00009	false
CVE-2025-54410	Twistlock CVE	Low	github.com/docker/docker-v20.10.17	0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.17.13	0.00006	false
CVE-2024-24789	Anchore CVE	Medium	stdlib-go1.17.13	0.00006	false
CVE-2025-62813	Anchore CVE	Medium	lz4-libs-1.8.3-5.el8_10	N/A	false
CVE-2025-61725	Anchore CVE	High	stdlib-go1.17.13	N/A	false
CVE-2025-61724	Twistlock CVE	Low	net/textproto-1.17.13	N/A	false
CVE-2025-61724	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-61723	Twistlock CVE	Low	encoding/pem-1.17.13	N/A	false
CVE-2025-61723	Anchore CVE	High	stdlib-go1.17.13	N/A	false
CVE-2025-60753	Anchore CVE	Medium	libarchive-3.3.3-6.el8_10	N/A	false
CVE-2025-60753	Twistlock CVE	Medium	libarchive-3.3.3-6.el8_10	N/A	false
CVE-2025-6075	Anchore CVE	Low	python3-libs-3.6.8-71.el8_10	N/A	false
CVE-2025-6075	Anchore CVE	Low	platform-python-3.6.8-71.el8_10	N/A	false
CVE-2025-6075	Twistlock CVE	Low	python3-3.6.8-71.el8_10	N/A	false
CVE-2025-58189	Twistlock CVE	Low	crypto/tls-1.17.13	N/A	false
CVE-2025-58189	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-58188	Twistlock CVE	Low	crypto/x509-1.17.13	N/A	false
CVE-2025-58188	Anchore CVE	High	stdlib-go1.17.13	N/A	false
CVE-2025-58187	Twistlock CVE	Low	crypto/x509-1.17.13	N/A	false
CVE-2025-58187	Anchore CVE	High	stdlib-go1.17.13	N/A	false
CVE-2025-58186	Twistlock CVE	Low	net/http-1.17.13	N/A	false
CVE-2025-58186	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-58185	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-58183	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-52881	Twistlock CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	false
CVE-2025-52881	Twistlock CVE	High	github.com/opencontainers/selinux-v1.10.0	N/A	false
CVE-2025-52565	Twistlock CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	false
CVE-2025-52099	Twistlock CVE	Medium	sqlite-3.26.0-20.el8_10	N/A	false
CVE-2025-52099	Anchore CVE	Medium	sqlite-libs-3.26.0-20.el8_10	N/A	false
CVE-2025-47912	Twistlock CVE	Low	net/url-1.17.13	N/A	false
CVE-2025-47912	Anchore CVE	Medium	stdlib-go1.17.13	N/A	false
CVE-2025-31133	Twistlock CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	false
CVE-2025-12863	Twistlock CVE	High	libxml2-2.9.7-21.el8_10.3	N/A	false
CVE-2025-12863	Anchore CVE	High	python3-libxml2-2.9.7-21.el8_10.3	N/A	false
CVE-2025-12863	Anchore CVE	High	libxml2-2.9.7-21.el8_10.3	N/A	false
CVE-2025-11411	Twistlock CVE	Medium	unbound-1.16.2-5.9.el8_10	N/A	false
CVE-2025-11411	Anchore CVE	Medium	python3-unbound-1.16.2-5.9.el8_10	N/A	false
CVE-2025-11411	Anchore CVE	Medium	unbound-libs-1.16.2-5.9.el8_10	N/A	false
CVE-2025-10966	Twistlock CVE	Medium	curl-7.61.1-34.el8_10.8	N/A	false
CVE-2025-10966	Anchore CVE	Medium	libcurl-7.61.1-34.el8_10.8	N/A	false
CVE-2025-10966	Anchore CVE	Medium	curl-7.61.1-34.el8_10.8	N/A	false
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-8.2-20.el8	N/A	false
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low		N/A	N/A
PRISMA-2023-0056	Twistlock CVE	Medium	github.com/sirupsen/logrus-v1.8.1	N/A	N/A
GO-2022-1107	Twistlock CVE	Low	github.com/docker/docker-v20.10.17	N/A	N/A
GHSA-xw73-rw38-6vjc	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-xrjj-mj9h-534m	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-xr7r-f8xq-vfvv	Anchore CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-vvpx-j8f3-3w6h	Anchore CVE	High	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-vpvm-3wq2-2wvm	Anchore CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-vp35-85q5-9f25	Anchore CVE	Low	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-v23v-6jw2-98fq	Anchore CVE	Critical	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-rc4r-wh2q-q6c4	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-qxp5-gwg8-xv66	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-qw9x-cqr3-wc7r	Anchore CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-qppj-fm5r-hxr3	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-ppp9-7jff-5vj2	Anchore CVE	High	golang.org/x/text-v0.3.3	N/A	N/A
GHSA-p782-xgp4-8hr8	Anchore CVE	Medium	golang.org/x/sys-v0.0.0-20211116061358-0a5406a5449c	N/A	N/A
GHSA-mq39-4gv4-mvpx	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-m8cg-xc2p-r3fc	Anchore CVE	Low	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-m425-mq94-257g	Anchore CVE	High	google.golang.org/grpc-v1.33.2	N/A	N/A
GHSA-jq35-85cj-fj4p	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-jq35-85cj-fj4p	Twistlock CVE	Medium	github.com/docker/docker-v20.10.17	N/A	N/A
GHSA-jfvp-7x6p-h2pv	Anchore CVE	Medium	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-hqxw-f8mx-cpmw	Anchore CVE	High	github.com/docker/distribution-v2.8.1+incompatible	N/A	N/A
GHSA-h86h-8ppg-mxmh	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-g2j6-57v7-gm8c	Anchore CVE	Medium	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-cgrx-mc8f-2prm	Anchore CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-cgrx-mc8f-2prm	Anchore CVE	High	github.com/opencontainers/selinux-v1.10.0	N/A	N/A
GHSA-cg3q-j54f-5p7p	Anchore CVE	High	github.com/prometheus/client_golang-v1.8.0	N/A	N/A
GHSA-9493-h29p-rfm2	Anchore CVE	High	github.com/opencontainers/runc-v1.1.3	N/A	N/A
GHSA-8r3f-844c-mc37	Anchore CVE	Medium	google.golang.org/protobuf-v1.27.1	N/A	N/A
GHSA-83g2-8m93-v3w7	Anchore CVE	High	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-6xv5-86q9-7xr8	Anchore CVE	Medium	github.com/cyphar/filepath-securejoin-v0.2.3	N/A	N/A
GHSA-6wrf-mxfj-pf5p	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.0.0-20200902213428-5d25da1a8d43	N/A	N/A
GHSA-69ch-w2m2-3vjp	Anchore CVE	High	golang.org/x/text-v0.3.3	N/A	N/A
GHSA-69cg-p879-7622	Anchore CVE	High	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-4vq8-7jfc-9cvp	Anchore CVE	Low	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-4v7x-pqxf-cx7m	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-4374-p667-p6c8	Anchore CVE	High	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-33pg-m6jh-5237	Anchore CVE	Medium	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
GHSA-2wrh-6pvc-2jm9	Anchore CVE	Medium	golang.org/x/net-v0.0.0-20210226172049-e18ecbb05110	N/A	N/A
GHSA-232p-vwff-86mp	Anchore CVE	High	github.com/docker/docker-v20.10.17+incompatible	N/A	N/A
CCE-89707-4	OSCAP Compliance	Medium		N/A	N/A
CCE-86473-6	OSCAP Compliance	Medium		N/A	N/A
CCE-86106-2	OSCAP Compliance	Medium		N/A	N/A
CCE-85902-5	OSCAP Compliance	High		N/A	N/A
CCE-85899-3	OSCAP Compliance	Medium		N/A	N/A
CCE-85897-7	OSCAP Compliance	Medium		N/A	N/A
CCE-85870-4	OSCAP Compliance	Medium		N/A	N/A
CCE-84255-9	OSCAP Compliance	Medium		N/A	N/A
CCE-84254-2	OSCAP Compliance	Medium		N/A	N/A
CCE-82730-3	OSCAP Compliance	Medium		N/A	N/A
CCE-81044-0	OSCAP Compliance	Low		N/A	N/A
CCE-80935-0	OSCAP Compliance	High		N/A	N/A
CCE-80854-3	OSCAP Compliance	Low		N/A	N/A
CCE-80853-5	OSCAP Compliance	Low		N/A	N/A
CCE-80852-7	OSCAP Compliance	Low		N/A	N/A
CCE-80851-9	OSCAP Compliance	Low		N/A	N/A
CCE-80839-4	OSCAP Compliance	Medium		N/A	N/A
CCE-80838-6	OSCAP Compliance	Medium		N/A	N/A
CCE-80837-8	OSCAP Compliance	Medium		N/A	N/A
CCE-80664-6	OSCAP Compliance	Medium		N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/google/cadvisor&tag=0.45.0&branch=master

Novel Tidelift Findings (Experimental)

opensource/google/cadvisor has 21 novel Tidelift findings discovered during continuous monitoring.

NOTE: This table is for Iron Bank evaluation and testing purposes. No action required by vendors.

id	cvss score	package	impact	workaround	epss_score	kev
CVE-2019-9740	6.1	urllib3-1.24.2	Its unlikely for an attacker to control the URL youre fetching.		0.11774	false
CVE-2016-5699	6.1	urllib3-1.24.2	Its unlikely for an attacker to control URLs.	Reject URLs with rn or encode those characters.	0.11628	false
CVE-2023-32681	6.1	requests-2.20.0	Requires that deployment or integration of requests is being used to a connect to untrusted hosts b is connecting over HTTPS and c is using proxies to do so.		0.06121	false
CVE-2024-6345	8.8	setuptools-39.2.0	Most users have migrated off of the code paths that are affected. The affected code paths are actively deprecated and planned for turn down. Only specialized and legacy workflows are affected.	Use recommended installers pip, uv, build, system package managers to install all packages from trusted indexes. If working with untrusted content in private indexes, consider scanning for malicious code in the package index pages.	0.04362	false
CVE-2019-11324	7.5	urllib3-1.24.2	cacerts is a commonly used parameter.		0.01415	false
CVE-2019-9947	6.1	urllib3-1.24.2	Its unlikely for an attacker to control an URL.	Reject URLs with rn or encode those characters.	0.01184	false
CVE-2021-33503	7.5	urllib3-1.24.2	Attackers dont usually control the URLs that urllib3 fetches.	Its possible but inconvenient to filter URLs with many .	0.00863	false
CVE-2019-20916	7.5	pip-9.0.3	Passing untrusted URLs to pip is not an intended usage pattern.		0.00622	false
CVE-2019-11236	6.1	urllib3-1.24.2	Its unlikely for an attacker to control an URL.	Reject queries with rn or encode those characters.	0.00586	false
CVE-2023-43804	8.1	urllib3-1.24.2	Usage of the Cookie header is rare with urllib3. This is more common and useful in browsers. Redirections to another origin are also not the common case.		0.00472	false
CVE-2022-40897	7.5	setuptools-39.2.0	Code path is deprecated.		0.00339	false
CVE-2024-3651	7.5	idna-2.5			0.00338	false
CVE-2021-3572	5.7	pip-9.0.3			0.00240	false
CVE-2020-26137	6.5	urllib3-1.24.2	Its unlikely to use putrequest which is not documented as part of urllib3s API, but only inherited from http.client.		0.00239	false
CVE-2024-37891	4.4	urllib3-1.24.2	Theres no reason to set ProxyAuthorization without using urllib3s proxy support.	Using the ProxyAuthorization header with urllib3s ProxyManager. Disabling HTTP redirects using redirectsFalse when sending requests. Not using the ProxyAuthorization header.	0.00142	false
CVE-2024-47081	5.3	requests-2.20.0			0.00104	false
CVE-2025-47273	7.7	setuptools-39.2.0			0.00077	false
CVE-2023-45803	4.2	urllib3-1.24.2	No exploits from real world were reported	Disable redirects for services that you arent expecting to respond with redirects with redirectsFalse.Disable automatic redirects with redirectsFalse and handle 303 redirects manually by stripping the HTTP request body.	0.00055	false
CVE-2024-35195	5.6	requests-2.20.0			0.00044	false
CVE-2023-5752	5.5	pip-9.0.3	Only users using Mercurial VCS functionality with untrusted inputs are affected.		0.00044	false
CVE-2025-50182	5.3	urllib3-1.24.2	Pyodide is extremely rare configuration for users in production.		0.00014	false

Tasks

Contributor:

Apply the StatusReview label to this issue for a merge request review and wait for feedback

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Nov 09, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information