Many High php-checks Vulnerabilities from Grype
Description
I am using anchore/grype to scan images for vulnerabilities for a project and trying to mitigate the ones I can. When I use grype on registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube9-community:9.2.4-community I get a book of high to critical CVEs from php-checks, php-frontend and some from python-checks and python-frontend. Is there a way to fix these vulnerabilities, are these all simply false positives, or are these unfixable? I ask because I didn't see these packages in the anchore security csv provided.
Steps to reproduce the issue:
grype registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube9-community:9.2.4-community -o table
Results
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
php-checks 3.21.2.8292 CVE-2004-1018 High
php-checks 3.21.2.8292 CVE-2006-3017 High
php-checks 3.21.2.8292 CVE-2006-5465 High
php-checks 3.21.2.8292 CVE-2006-5706 High
php-checks 3.21.2.8292 CVE-2007-0910 High
php-checks 3.21.2.8292 CVE-2007-1413 High
php-checks 3.21.2.8292 CVE-2007-1461 High
php-checks 3.21.2.8292 CVE-2007-1864 High
php-checks 3.21.2.8292 CVE-2007-4586 High
php-checks 3.21.2.8292 CVE-2007-4596 High
php-checks 3.21.2.8292 CVE-2007-4659 High
php-checks 3.21.2.8292 CVE-2007-4660 High
php-checks 3.21.2.8292 CVE-2007-4662 High
php-checks 3.21.2.8292 CVE-2007-4663 High
php-checks 3.21.2.8292 CVE-2007-4825 High
php-checks 3.21.2.8292 CVE-2007-5653 High
php-checks 3.21.2.8292 CVE-2008-0145 High
php-checks 3.21.2.8292 CVE-2008-0599 High
php-checks 3.21.2.8292 CVE-2008-2050 High
php-checks 3.21.2.8292 CVE-2008-2051 High
php-checks 3.21.2.8292 CVE-2008-2107 High
php-checks 3.21.2.8292 CVE-2008-2108 High
php-checks 3.21.2.8292 CVE-2008-5625 High
php-checks 3.21.2.8292 CVE-2008-5658 High
php-checks 3.21.2.8292 CVE-2009-3291 High
php-checks 3.21.2.8292 CVE-2009-3292 High
php-checks 3.21.2.8292 CVE-2009-3293 High
php-checks 3.21.2.8292 CVE-2009-4018 High
php-checks 3.21.2.8292 CVE-2009-4143 High
php-checks 3.21.2.8292 CVE-2011-1092 High
php-checks 3.21.2.8292 CVE-2011-1148 High
php-checks 3.21.2.8292 CVE-2011-1153 High
php-checks 3.21.2.8292 CVE-2011-1939 Critical
php-checks 3.21.2.8292 CVE-2011-3268 High
...
php-frontend 3.21.2.8292 CVE-2004-1018 High
php-frontend 3.21.2.8292 CVE-2006-3017 High
php-frontend 3.21.2.8292 CVE-2006-5465 High
php-frontend 3.21.2.8292 CVE-2006-5706 High
php-frontend 3.21.2.8292 CVE-2007-0910 High
php-frontend 3.21.2.8292 CVE-2007-1413 High
php-frontend 3.21.2.8292 CVE-2007-1461 High
php-frontend 3.21.2.8292 CVE-2007-1864 High
php-frontend 3.21.2.8292 CVE-2007-4586 High
php-frontend 3.21.2.8292 CVE-2007-4596 High
php-frontend 3.21.2.8292 CVE-2007-4659 High
php-frontend 3.21.2.8292 CVE-2007-4660 High
php-frontend 3.21.2.8292 CVE-2007-4662 High
php-frontend 3.21.2.8292 CVE-2007-4663 High
php-frontend 3.21.2.8292 CVE-2007-4825 High
php-frontend 3.21.2.8292 CVE-2007-5653 High
php-frontend 3.21.2.8292 CVE-2008-0145 High
php-frontend 3.21.2.8292 CVE-2008-0599 High
php-frontend 3.21.2.8292 CVE-2008-2050 High
php-frontend 3.21.2.8292 CVE-2008-2051 High
...
python-checks 3.8.0.8883 CVE-2020-15523 High
python-checks 3.8.0.8883 CVE-2020-26116 High
python-checks 3.8.0.8883 CVE-2020-27619 Critical
python-checks 3.8.0.8883 CVE-2021-29921 Critical
python-checks 3.8.0.8883 CVE-2021-3177 Critical
...
python-frontend 3.8.0.8883 CVE-2020-15523 High
python-frontend 3.8.0.8883 CVE-2020-26116 High
python-frontend 3.8.0.8883 CVE-2020-27619 Critical
python-frontend 3.8.0.8883 CVE-2021-29921 Critical
python-frontend 3.8.0.8883 CVE-2021-3177 Critical
...
I use ... to denote there are more vulnerabilities than the ones I listed here.