chore(findings): synopsys/codedx/codedx-docker-tomcat
Summary
synopsys/codedx/codedx-docker-tomcat has 706 new findings discovered during continuous monitoring.
Layer: opensource/apache/tomcat9-openjdk11:9.0.106 is EOL, please update if possible
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/codedx/codedx-docker-tomcat&tag=v2023.8.2&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
| id | source | severity | package | impact | workaround | epss_score | kev |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.94419 | true | ||
| CVE-2023-44487 | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.87.Final | 0.94419 | true | ||
| CVE-2023-44487 | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.86.Final | 0.94419 | true | ||
| CVE-2023-44487 | Anchore CVE | High | netty-codec-http2-4.1.87.Final | 0.94419 | true | ||
| CVE-2023-44487 | Anchore CVE | High | netty-codec-http2-4.1.86.Final | 0.94419 | true | ||
| CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.33 | 0.93849 | false | ||
| CVE-2023-48795 | Anchore CVE | Medium | sshd-core-2.9.2 | 0.57900 | false | ||
| CVE-2023-48795 | Anchore CVE | Medium | sshd-osgi-2.9.2 | 0.57900 | false | ||
| CVE-2023-48795 | Anchore CVE | Medium | sshd-sftp-2.9.2 | 0.57900 | false | ||
| CVE-2023-48795 | Anchore CVE | Medium | sshd-common-2.9.2 | 0.57900 | false | ||
| CVE-2024-22259 | Twistlock CVE | Low | spring-core-5.3.22 | 0.54422 | false | ||
| CVE-2024-22259 | Anchore CVE | High | spring-core-5.3.22 | 0.54422 | false | ||
| CVE-2023-20860 | Anchore CVE | High | spring-core-5.3.22 | 0.53491 | false | ||
| CVE-2023-20860 | Twistlock CVE | High | spring-core-5.3.22 | 0.53491 | false | ||
| CVE-2023-24998 | Twistlock CVE | High | commons-fileupload_commons-fileupload-1.3.3 | 0.47785 | false | ||
| CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26048 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 | 0.39409 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-common-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-core-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-client-api-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-auth-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-api-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-hdfs-client-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-common-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-client-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-annotations-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-common-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-client-3.3.4 | 0.16285 | false | ||
| CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-jobclient-3.3.4 | 0.16285 | false | ||
| CVE-2007-1100 | Anchore CVE | High | pickle-1.3 | 0.07917 | false | ||
| CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.05222 | false | ||
| CVE-2022-42920 | Twistlock CVE | Critical | org.apache.bcel_bcel-6.5.0 | 0.04619 | false | ||
| CVE-2021-23383 | Anchore CVE | Critical | handlebars-4.3.1 | 0.04396 | false | ||
| CVE-2018-10237 | Twistlock CVE | Medium | com.google.guava_guava-14.0.1 | 0.03259 | false | ||
| CVE-2025-59419 | Twistlock CVE | High | io.netty_netty-codec-smtp-4.1.86.Final | 0.03189 | false | ||
| CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.8 | 0.02798 | false | ||
| CVE-2021-42550 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.3 | 0.02604 | false | ||
| CVE-2021-23369 | Anchore CVE | Critical | handlebars-4.3.1 | 0.02542 | false | ||
| CVE-2024-52338 | Anchore CVE | Critical | arrow-memory-core-11.0.0 | 0.02430 | false | ||
| CVE-2024-52338 | Anchore CVE | Critical | arrow-memory-netty-11.0.0 | 0.02430 | false | ||
| CVE-2024-52338 | Anchore CVE | Critical | arrow-format-11.0.0 | 0.02430 | false | ||
| CVE-2024-52338 | Anchore CVE | Critical | arrow-vector-11.0.0 | 0.02430 | false | ||
| CVE-2022-0391 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.01915 | false | ||
| CVE-2022-0391 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.01915 | false | ||
| CVE-2022-0391 | Twistlock CVE | Medium | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.01915 | false | ||
| CVE-2024-8184 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2024-8184 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.01528 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-security-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-proxy-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-util-ajax-9.4.43.v20210629 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-http-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-util-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-client-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-servlets-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-io-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-continuation-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-servlet-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-plus-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 | 0.01459 | false | ||
| CVE-2023-36478 | Anchore CVE | High | jetty-server-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36478 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.01459 | false | ||
| CVE-2023-36479 | Twistlock CVE | Low | org.eclipse.jetty_jetty-servlets-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-xml-9.4.43.v20210629 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-proxy-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-webapp-9.4.43.v20210629 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-plus-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-server-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-servlet-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-http-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-client-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Anchore CVE | Low | jetty-io-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2023-36479 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.01383 | false | ||
| CVE-2025-0938 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.01244 | false | ||
| CVE-2025-0938 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.01244 | false | ||
| CVE-2025-0938 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.01244 | false | ||
| CVE-2025-0938 | Twistlock CVE | Medium | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.01244 | false | ||
| CVE-2019-9674 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.01239 | false | ||
| CVE-2022-2048 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 | 0.01222 | false | ||
| CVE-2022-2048 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 | 0.01222 | false | ||
| CVE-2022-2047 | Anchore CVE | Low | jetty-xml-9.4.43.v20210629 | 0.01221 | false | ||
| CVE-2022-2047 | Anchore CVE | Low | jetty-webapp-9.4.43.v20210629 | 0.01221 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-mllib-local_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-tags_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-core_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-network-common_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-launcher_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-kvstore_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-sql_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-catalyst_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-sketch_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-network-shuffle_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-mllib_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-unsafe_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-streaming_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2018-17190 | Anchore CVE | Critical | spark-graphx_2.13-3.4.0 | 0.01210 | false | ||
| CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.87.Final | 0.01184 | false | ||
| CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.86.Final | 0.01184 | false | ||
| CVE-2023-4759 | Twistlock CVE | High | org.eclipse.jgit_org.eclipse.jgit-6.4.0.202211300538-r | 0.00974 | false | ||
| CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.50.v20221201 | 0.00923 | false | ||
| CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00923 | false | ||
| CVE-2024-28757 | Twistlock CVE | Medium | expat-2.2.5-17.el8_10 | 0.00909 | false | ||
| CVE-2024-28757 | Anchore CVE | Medium | expat-2.2.5-17.el8_10 | 0.00909 | false | ||
| CVE-2024-38820 | Anchore CVE | Medium | spring-core-5.3.22 | 0.00832 | false | ||
| CVE-2024-38820 | Twistlock CVE | Medium | spring-core-5.3.22 | 0.00832 | false | ||
| CVE-2024-38808 | Twistlock CVE | Low | spring-core-5.3.22 | 0.00809 | false | ||
| CVE-2024-38808 | Anchore CVE | Medium | spring-core-5.3.22 | 0.00809 | false | ||
| CVE-2023-40828 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 | 0.00778 | false | ||
| CVE-2023-20863 | Anchore CVE | Medium | spring-core-5.3.22 | 0.00775 | false | ||
| CVE-2023-20863 | Twistlock CVE | Medium | spring-core-5.3.22 | 0.00775 | false | ||
| CVE-2022-40152 | Twistlock CVE | Medium | com.fasterxml.woodstox_woodstox-core-5.3.0 | 0.00762 | false | ||
| CVE-2024-7592 | Twistlock CVE | Low | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00759 | false | ||
| CVE-2024-7592 | Twistlock CVE | Low | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00759 | false | ||
| CVE-2024-7592 | Twistlock CVE | Low | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00759 | false | ||
| CVE-2024-7592 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00759 | false | ||
| CVE-2022-1271 | Anchore CVE | High | xz-1.9 | 0.00716 | false | ||
| CVE-2021-3733 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00702 | false | ||
| CVE-2023-40826 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 | 0.00665 | false | ||
| CVE-2015-4035 | Anchore CVE | High | xz-1.9 | 0.00612 | false | ||
| CVE-2012-5370 | Anchore CVE | Medium | jruby-complete-9.4.3.0 | 0.00604 | false | ||
| CVE-2024-9823 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-servlets-9.4.50.v20221201 | 0.00591 | false | ||
| CVE-2024-9823 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00591 | false | ||
| CVE-2023-40827 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 | 0.00563 | false | ||
| CVE-2019-9923 | Twistlock CVE | Low | tar-2:1.30-10.el8_10 | 0.00541 | false | ||
| CVE-2024-29133 | Twistlock CVE | Low | org.apache.commons_commons-configuration2-2.1.1 | 0.00509 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.3 | 0.00506 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.11 | 0.00506 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.9 | 0.00506 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.9 | 0.00506 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.3 | 0.00506 | false | ||
| CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.11 | 0.00506 | false | ||
| CVE-2024-47561 | Twistlock CVE | Critical | org.apache.avro_avro-1.7.7 | 0.00489 | false | ||
| CVE-2021-29425 | Twistlock CVE | Medium | commons-io_commons-io-2.6 | 0.00484 | false | ||
| CVE-2024-41909 | Twistlock CVE | High | org.apache.sshd_sshd-common-2.9.2 | 0.00478 | false | ||
| CVE-2024-41909 | Anchore CVE | Medium | sshd-core-2.9.2 | 0.00478 | false | ||
| CVE-2024-41909 | Anchore CVE | Medium | sshd-osgi-2.9.2 | 0.00478 | false | ||
| CVE-2024-41909 | Anchore CVE | Medium | sshd-sftp-2.9.2 | 0.00478 | false | ||
| CVE-2025-1795 | Twistlock CVE | Low | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00466 | false | ||
| CVE-2025-1795 | Twistlock CVE | Low | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00466 | false | ||
| CVE-2025-1795 | Twistlock CVE | Low | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00466 | false | ||
| CVE-2025-1795 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00466 | false | ||
| CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 | 0.00448 | false | ||
| CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 | 0.00448 | false | ||
| CVE-2024-22201 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00448 | false | ||
| CVE-2024-0397 | Twistlock CVE | Low | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00417 | false | ||
| CVE-2024-0397 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00417 | false | ||
| CVE-2024-0397 | Twistlock CVE | Low | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00417 | false | ||
| CVE-2024-0397 | Twistlock CVE | Low | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00417 | false | ||
| CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 | 0.00354 | false | ||
| CVE-2023-26049 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2023-26049 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 | 0.00353 | false | ||
| CVE-2019-20920 | Anchore CVE | High | handlebars-4.3.1 | 0.00343 | false | ||
| CVE-2023-20861 | Anchore CVE | Medium | spring-core-5.3.22 | 0.00341 | false | ||
| CVE-2023-20861 | Twistlock CVE | Medium | spring-core-5.3.22 | 0.00341 | false | ||
| CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00337 | false | ||
| CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70.0 | 0.00337 | false | ||
| CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71.00.0 | 0.00337 | false | ||
| CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 | 0.00303 | false | ||
| CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00293 | false | ||
| CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70.0 | 0.00293 | false | ||
| CVE-2021-22569 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 | 0.00291 | false | ||
| CVE-2024-12798 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.11 | 0.00290 | false | ||
| CVE-2024-12798 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.3 | 0.00290 | false | ||
| CVE-2024-12798 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.9 | 0.00290 | false | ||
| CVE-2022-44730 | Twistlock CVE | Medium | org.apache.xmlgraphics_batik-script-1.16 | 0.00287 | false | ||
| CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.86.Final | 0.00261 | false | ||
| CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.87.Final | 0.00261 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-es-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-ja-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-ko-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-dbcp-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-fr-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-de-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-websocket-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-coyote-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-juli-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-api-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | catalina-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-jni-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-ru-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-util-scan-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-util-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-jdbc-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-cs-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.106 | 0.00246 | false | ||
| CVE-2025-55752 | Twistlock CVE | Low | tomcat-util-9.0.106 | 0.00246 | false | ||
| CVE-2021-3737 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00243 | false | ||
| CVE-2024-34447 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00227 | false | ||
| CVE-2025-8194 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00223 | false | ||
| CVE-2025-8194 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00223 | false | ||
| CVE-2025-8194 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00223 | false | ||
| CVE-2024-8088 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00220 | false | ||
| CVE-2024-53990 | Twistlock CVE | Critical | org.asynchttpclient_async-http-client-2.12.3 | 0.00216 | false | ||
| CVE-2024-28168 | Twistlock CVE | Medium | org.apache.xmlgraphics_fop-core-2.8 | 0.00208 | false | ||
| CVE-2024-29131 | Twistlock CVE | Low | org.apache.commons_commons-configuration2-2.1.1 | 0.00203 | false | ||
| CVE-2023-46750 | Twistlock CVE | Medium | org.apache.shiro_shiro-web-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-core-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-config-ogdl-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-hash-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-cache-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-config-core-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-lang-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-core-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-cipher-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Anchore CVE | Medium | shiro-event-1.12.0 | 0.00201 | false | ||
| CVE-2023-46750 | Twistlock CVE | Medium | org.apache.shiro_shiro-core-1.12.0 | 0.00201 | false | ||
| CVE-2025-48989 | Twistlock CVE | High | tomcat-coyote-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-api-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-fr-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-ja-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-es-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-ru-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-jdbc-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-cs-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-juli-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-dbcp-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-util-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-ko-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-de-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-util-scan-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-jni-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-websocket-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.106 | 0.00196 | false | ||
| CVE-2025-48989 | Twistlock CVE | Low | tomcat-util-9.0.106 | 0.00196 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-config-ogdl-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-cache-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-web-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-event-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-hash-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-config-core-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-core-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-cipher-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Anchore CVE | Medium | shiro-lang-1.12.0 | 0.00194 | false | ||
| CVE-2023-46749 | Twistlock CVE | Medium | org.apache.shiro_shiro-core-1.12.0 | 0.00194 | false | ||
| CVE-2021-37533 | Twistlock CVE | Medium | commons-net_commons-net-3.6 | 0.00184 | false | ||
| CVE-2025-46392 | Twistlock CVE | Low | commons-configuration_commons-configuration-1.9 | 0.00181 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.7 | 0.00177 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.11.0 | 0.00177 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.8.0 | 0.00177 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.6 | 0.00177 | false | ||
| CVE-2023-44483 | Twistlock CVE | Medium | org.apache.santuario_xmlsec-2.3.0 | 0.00169 | false | ||
| CVE-2025-48976 | Twistlock CVE | Low | commons-fileupload_commons-fileupload-1.3.3 | 0.00168 | false | ||
| CVE-2025-6069 | Twistlock CVE | Medium | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00163 | false | ||
| CVE-2025-6069 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00163 | false | ||
| CVE-2025-6069 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00163 | false | ||
| CVE-2025-6069 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00163 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-coyote-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-dbcp-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-jni-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-util-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-websocket-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-es-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-de-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-juli-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-api-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | catalina-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-jdbc-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-util-scan-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.106 | 0.00139 | false | ||
| CVE-2025-61795 | Twistlock CVE | Low | tomcat-util-9.0.106 | 0.00139 | false | ||
| CVE-2024-25638 | Twistlock CVE | High | dnsjava_dnsjava-2.1.7 | 0.00139 | false | ||
| CVE-2025-59375 | Twistlock CVE | High | expat-2.2.5-17.el8_10 | 0.00131 | false | ||
| CVE-2025-59375 | Anchore CVE | High | expat-2.2.5-17.el8_10 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2023-41900 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00131 | false | ||
| CVE-2022-3509 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 | 0.00131 | false | ||
| CVE-2019-20922 | Anchore CVE | High | handlebars-4.3.1 | 0.00131 | false | ||
| CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-transcoder-1.16 | 0.00126 | false | ||
| CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-bridge-1.16 | 0.00126 | false | ||
| CVE-2025-23215 | Twistlock CVE | Critical | net.sourceforge.pmd_pmd-core-6.54.0 | 0.00120 | false | ||
| CVE-2024-36114 | Twistlock CVE | High | io.airlift_aircompressor-0.21 | 0.00120 | false | ||
| CVE-2024-7254 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.21.12 | 0.00115 | false | ||
| CVE-2024-7254 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.16.3 | 0.00115 | false | ||
| CVE-2024-7254 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 | 0.00115 | false | ||
| CVE-2025-8291 | Twistlock CVE | Medium | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00113 | false | ||
| CVE-2025-8291 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00113 | false | ||
| CVE-2025-8291 | Twistlock CVE | Medium | python3-3.6.8-70.el8_10 | 0.00113 | false | ||
| CVE-2025-8291 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00113 | false | ||
| CVE-2025-8291 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00113 | false | ||
| CVE-2025-8291 | Anchore CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00113 | false | ||
| CVE-2025-8291 | Anchore CVE | Medium | python3-libs-3.6.8-70.el8_10 | 0.00113 | false | ||
| CVE-2025-8291 | Anchore CVE | Medium | platform-python-3.6.8-70.el8_10 | 0.00113 | false | ||
| CVE-2025-8291 | Anchore CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00113 | false | ||
| CVE-2025-8291 | Anchore CVE | Medium | python39-libs-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00113 | false | ||
| CVE-2021-31684 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 | 0.00108 | false | ||
| CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71.00.0 | 0.00102 | false | ||
| CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00102 | false | ||
| CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71.00.0 | 0.00100 | false | ||
| CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00100 | false | ||
| CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70.0 | 0.00100 | false | ||
| CVE-2023-35887 | Twistlock CVE | Medium | org.apache.sshd_sshd-sftp-2.9.2 | 0.00100 | false | ||
| CVE-2023-35887 | Twistlock CVE | Medium | org.apache.sshd_sshd-common-2.9.2 | 0.00100 | false | ||
| CVE-2023-35887 | Anchore CVE | Medium | sshd-core-2.9.2 | 0.00100 | false | ||
| CVE-2023-35887 | Anchore CVE | Medium | sshd-osgi-2.9.2 | 0.00100 | false | ||
| CVE-2025-53864 | Twistlock CVE | Medium | com.nimbusds_nimbus-jose-jwt-9.8.1 | 0.00095 | false | ||
| CVE-2025-53864 | Twistlock CVE | Medium | com.nimbusds_nimbus-jose-jwt-9.31 | 0.00095 | false | ||
| CVE-2025-47273 | Anchore CVE | Medium | python39-libs-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00090 | false | ||
| CVE-2025-47273 | Anchore CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00090 | false | ||
| CVE-2025-47273 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00090 | false | ||
| CVE-2025-47273 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00090 | false | ||
| CVE-2022-3171 | Twistlock CVE | Medium | com.google.protobuf_protobuf-java-3.7.0 | 0.00090 | false | ||
| CVE-2025-8916 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71.00.0 | 0.00087 | false | ||
| CVE-2025-8916 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk15on-1.70.00.0 | 0.00087 | false | ||
| CVE-2025-58369 | Twistlock CVE | Medium | co.fs2_fs2-io_2.13-2.0.0 | 0.00086 | false | ||
| CVE-2025-45582 | Twistlock CVE | Medium | tar-2:1.30-10.el8_10 | 0.00081 | false | ||
| CVE-2025-41249 | Twistlock CVE | High | spring-core-5.3.22 | 0.00080 | false | ||
| CVE-2023-52428 | Twistlock CVE | High | com.nimbusds_nimbus-jose-jwt-9.8.1 | 0.00080 | false | ||
| CVE-2023-52428 | Twistlock CVE | High | com.nimbusds_nimbus-jose-jwt-9.31 | 0.00080 | false | ||
| CVE-2025-58364 | Anchore CVE | Medium | cups-libs-1:2.2.6-62.el8_10 | 0.00079 | false | ||
| CVE-2025-58364 | Twistlock CVE | Medium | cups-1:2.2.6-62.el8_10 | 0.00079 | false | ||
| CVE-2024-13009 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-util-ajax-9.4.43.v20210629 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-security-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-plus-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-continuation-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-servlet-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-proxy-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-http-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-client-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-util-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-io-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-servlets-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 | 0.00078 | false | ||
| CVE-2024-13009 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.50.v20221201 | 0.00078 | false | ||
| CVE-2025-55163 | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.86.Final | 0.00076 | false | ||
| CVE-2025-55163 | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.87.Final | 0.00076 | false | ||
| CVE-2021-25317 | Twistlock CVE | Low | cups-1:2.2.6-62.el8_10 | 0.00076 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.1-jre | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-14.0.1 | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.0.1-jre | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-29.0-jre | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | guava-31.1.0.jre | 0.00072 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-29.0-jre | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.0.1-jre | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-14.0.1 | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.1-jre | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | guava-31.1.0.jre | 0.00071 | false | ||
| CVE-2021-20193 | Twistlock CVE | Low | tar-2:1.30-10.el8_10 | 0.00069 | false | ||
| CVE-2022-3510 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 | 0.00066 | false | ||
| CVE-2025-11226 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.11 | 0.00064 | false | ||
| CVE-2025-11226 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.3 | 0.00064 | false | ||
| CVE-2025-11226 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.9 | 0.00064 | false | ||
| CVE-2025-8885 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71.00.0 | 0.00063 | false | ||
| CVE-2025-8885 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71.0 | 0.00063 | false | ||
| CVE-2025-55754 | Twistlock CVE | Low | tomcat-util-9.0.106 | 0.00063 | false | ||
| CVE-2025-4949 | Twistlock CVE | Medium | org.eclipse.jgit_org.eclipse.jgit-6.4.0.202211300538-r | 0.00061 | false | ||
| CVE-2023-39410 | Twistlock CVE | High | org.apache.avro_avro-1.7.7 | 0.00061 | false | ||
| CVE-2023-39410 | Anchore CVE | High | avro-ipc-1.11.1 | 0.00061 | false | ||
| CVE-2023-39410 | Anchore CVE | High | avro-mapred-1.11.1 | 0.00061 | false | ||
| CVE-2025-25193 | Twistlock CVE | Medium | io.netty_netty-common-4.1.86.Final | 0.00060 | false | ||
| CVE-2025-25193 | Twistlock CVE | Medium | io.netty_netty-common-4.1.87.Final | 0.00060 | false | ||
| CVE-2025-12383 | Anchore CVE | Critical | jersey-client-2.36 | 0.00059 | false | ||
| CVE-2025-58060 | Anchore CVE | High | cups-libs-1:2.2.6-62.el8_10 | 0.00056 | false | ||
| CVE-2025-58060 | Twistlock CVE | High | cups-1:2.2.6-62.el8_10 | 0.00056 | false | ||
| CVE-2025-55039 | Twistlock CVE | Medium | org.apache.spark_spark-network-common_2.13-3.4.0 | 0.00056 | false | ||
| CVE-2025-53393 | Anchore CVE | Medium | akka-actor_2.13-2.6.19 | 0.00051 | false | ||
| CVE-2023-45803 | Anchore CVE | Medium | python3-pip-9.0.3-24.el8 | 0.00051 | false | ||
| CVE-2023-45803 | Anchore CVE | Medium | platform-python-pip-9.0.3-24.el8 | 0.00051 | false | ||
| CVE-2013-0340 | Anchore CVE | Medium | expat-2.2.5-17.el8_10 | 0.00051 | false | ||
| CVE-2025-13836 | Twistlock CVE | Medium | python3-3.6.8-70.el8_10 | 0.00050 | false | ||
| CVE-2025-13836 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00050 | false | ||
| CVE-2025-13836 | Anchore CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00050 | false | ||
| CVE-2025-13836 | Anchore CVE | Medium | python3-libs-3.6.8-70.el8_10 | 0.00050 | false | ||
| CVE-2025-13836 | Anchore CVE | Medium | platform-python-3.6.8-70.el8_10 | 0.00050 | false | ||
| CVE-2025-48734 | Twistlock CVE | Low | commons-beanutils_commons-beanutils-1.9.4 | 0.00048 | false | ||
| CVE-2024-12801 | Twistlock CVE | Low | ch.qos.logback_logback-core-1.2.11 | 0.00048 | false | ||
| CVE-2024-12801 | Twistlock CVE | Low | ch.qos.logback_logback-core-1.2.3 | 0.00048 | false | ||
| CVE-2024-12801 | Twistlock CVE | Low | ch.qos.logback_logback-core-1.2.9 | 0.00048 | false | ||
| CVE-2025-47436 | Anchore CVE | Critical | orc-mapreduce-1.8.3 | 0.00047 | false | ||
| CVE-2025-47436 | Anchore CVE | Critical | orc-core-1.8.3 | 0.00047 | false | ||
| CVE-2025-47436 | Anchore CVE | Critical | orc-shims-1.8.3 | 0.00047 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | commons-lang_commons-lang-2.6 | 0.00043 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.12.0 | 0.00043 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.8.1 | 0.00043 | false | ||
| CVE-2025-66453 | Twistlock CVE | Low | org.mozilla_rhino-1.7.14 | 0.00042 | false | ||
| CVE-2023-39804 | Twistlock CVE | Low | tar-2:1.30-10.el8_10 | 0.00039 | false | ||
| CVE-2023-4504 | Twistlock CVE | Medium | cups-1:2.2.6-62.el8_10 | 0.00038 | false | ||
| CVE-2024-23454 | Twistlock CVE | Low | org.apache.hadoop_hadoop-common-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-client-api-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-annotations-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-yarn-client-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-auth-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-mapreduce-client-common-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-shaded-protobuf_3_7-1.1.1 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-yarn-common-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-client-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-shaded-guava-1.1.1 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-yarn-api-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-mapreduce-client-jobclient-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-hdfs-client-3.3.4 | 0.00037 | false | ||
| CVE-2024-23454 | Anchore CVE | Medium | hadoop-mapreduce-client-core-3.3.4 | 0.00037 | false | ||
| CVE-2025-8961 | Anchore CVE | Low | libtiff-4.0.9-34.el8_10 | 0.00034 | false | ||
| CVE-2025-8961 | Twistlock CVE | Low | libtiff-4.0.9-34.el8_10 | 0.00034 | false | ||
| CVE-2025-58057 | Twistlock CVE | Medium | io.netty_netty-codec-4.1.86.Final | 0.00034 | false | ||
| CVE-2025-58057 | Twistlock CVE | Medium | io.netty_netty-codec-4.1.87.Final | 0.00034 | false | ||
| CVE-2020-35512 | Twistlock CVE | Low | dbus-1:1.12.8-26.el8 | 0.00034 | false | ||
| CVE-2025-6020 | Anchore CVE | High | pam-1.3.1-37.el8_10 | 0.00032 | false | ||
| CVE-2025-52999 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | 0.00030 | false | ||
| CVE-2025-52999 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.13.2 | 0.00030 | false | ||
| CVE-2025-9900 | Anchore CVE | High | libtiff-4.0.9-34.el8_10 | 0.00029 | false | ||
| CVE-2025-9900 | Twistlock CVE | High | libtiff-4.0.9-34.el8_10 | 0.00029 | false | ||
| CVE-2025-9165 | Anchore CVE | Low | libtiff-4.0.9-34.el8_10 | 0.00028 | false | ||
| CVE-2024-23944 | Twistlock CVE | Low | org.apache.zookeeper_zookeeper-3.6.3 | 0.00028 | false | ||
| CVE-2024-23944 | Anchore CVE | Medium | zookeeper-jute-3.6.3 | 0.00028 | false | ||
| CVE-2025-46551 | Twistlock CVE | Medium | rubygems_jruby-openssl-0.14.1 | 0.00027 | false | ||
| CVE-2025-46551 | Anchore CVE | Low | jruby-complete-9.4.3.0 | 0.00027 | false | ||
| CVE-2025-46551 | Twistlock CVE | Low | org.jruby_jruby-core-9.4.3.0 | 0.00027 | false | ||
| CVE-2023-44981 | Anchore CVE | Critical | zookeeper-jute-3.6.3 | 0.00027 | false | ||
| CVE-2023-44981 | Twistlock CVE | Critical | org.apache.zookeeper_zookeeper-3.6.3 | 0.00027 | false | ||
| CVE-2025-58056 | Twistlock CVE | Low | io.netty_netty-codec-http-4.1.87.Final | 0.00024 | false | ||
| CVE-2025-58056 | Twistlock CVE | Low | io.netty_netty-codec-http-4.1.86.Final | 0.00024 | false | ||
| CVE-2024-47535 | Twistlock CVE | Medium | io.netty_netty-common-4.1.86.Final | 0.00024 | false | ||
| CVE-2024-47535 | Twistlock CVE | Medium | io.netty_netty-common-4.1.87.Final | 0.00024 | false | ||
| CVE-2020-36843 | Twistlock CVE | Medium | net.i2p.crypto_eddsa-0.3.0 | 0.00022 | false | ||
| CVE-2023-50572 | Anchore CVE | Medium | jline-3.21.0 | 0.00021 | false | ||
| CVE-2023-50572 | Anchore CVE | Medium | jline-3.9.0 | 0.00021 | false | ||
| CVE-2023-50572 | Anchore CVE | Medium | jline-2.14.6 | 0.00021 | false | ||
| CVE-2025-8869 | Twistlock CVE | Medium | pip-9.0.3 | 0.00020 | false | ||
| CVE-2025-8869 | Twistlock CVE | Medium | pip-20.2.4 | 0.00020 | false | ||
| CVE-2025-4516 | Twistlock CVE | Medium | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00020 | false | ||
| CVE-2025-4516 | Twistlock CVE | Medium | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00020 | false | ||
| CVE-2025-4516 | Twistlock CVE | Medium | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00020 | false | ||
| CVE-2025-4516 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00020 | false | ||
| CVE-2025-60753 | Anchore CVE | Medium | libarchive-3.3.3-5.el8 | 0.00019 | false | ||
| CVE-2025-60753 | Twistlock CVE | Medium | libarchive-3.3.3-5.el8 | 0.00019 | false | ||
| CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 | 0.00019 | false | ||
| CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 | 0.00019 | false | ||
| CVE-2025-66382 | Twistlock CVE | Low | expat-2.2.5-17.el8_10 | 0.00017 | false | ||
| CVE-2025-66382 | Anchore CVE | Low | expat-2.2.5-17.el8_10 | 0.00017 | false | ||
| CVE-2025-61915 | Twistlock CVE | Medium | cups-1:2.2.6-62.el8_10 | 0.00017 | false | ||
| CVE-2025-61915 | Anchore CVE | Medium | cups-libs-1:2.2.6-62.el8_10 | 0.00017 | false | ||
| CVE-2025-6075 | Anchore CVE | Low | platform-python-3.6.8-70.el8_10 | 0.00017 | false | ||
| CVE-2025-6075 | Anchore CVE | Low | python39-libs-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00017 | false | ||
| CVE-2025-6075 | Anchore CVE | Low | python3-libs-3.6.8-70.el8_10 | 0.00017 | false | ||
| CVE-2025-6075 | Anchore CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00017 | false | ||
| CVE-2025-6075 | Anchore CVE | Low | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00017 | false | ||
| CVE-2025-6075 | Twistlock CVE | Low | python3-3.6.8-70.el8_10 | 0.00017 | false | ||
| CVE-2025-6075 | Twistlock CVE | Low | python39-3.9.20-1.module+el8.10.0+22342+478c159e | 0.00017 | false | ||
| CVE-2025-6075 | Twistlock CVE | Low | python3x-pip-20.2.4-9.module+el8.10.0+21329+8d76b841 | 0.00017 | false | ||
| CVE-2025-6075 | Twistlock CVE | Low | python3x-setuptools-50.3.2-6.module+el8.10.0+22183+c898c0c1 | 0.00017 | false | ||
| CVE-2025-6075 | Twistlock CVE | Low | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00017 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 | 0.00017 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 | 0.00017 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 | 0.00017 | false | ||
| CVE-2025-13601 | Twistlock CVE | Medium | glib2-2.56.4-166.el8_10 | 0.00015 | false | ||
| CVE-2025-13601 | Anchore CVE | Medium | glib2-devel-2.56.4-166.el8_10 | 0.00015 | false | ||
| CVE-2025-13601 | Anchore CVE | Medium | glib2-2.56.4-166.el8_10 | 0.00015 | false | ||
| CVE-2025-10966 | Twistlock CVE | Medium | curl-7.61.1-34.el8_10.3 | 0.00015 | false | ||
| CVE-2025-10966 | Anchore CVE | Medium | libcurl-7.61.1-34.el8_10.3 | 0.00015 | false | ||
| CVE-2025-10966 | Anchore CVE | Medium | curl-7.61.1-34.el8_10.3 | 0.00015 | false | ||
| CVE-2025-13837 | Twistlock CVE | Medium | python3-3.6.8-70.el8_10 | 0.00014 | false | ||
| CVE-2025-13837 | Twistlock CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00014 | false | ||
| CVE-2025-13837 | Anchore CVE | Medium | python3-libs-3.6.8-70.el8_10 | 0.00014 | false | ||
| CVE-2025-13837 | Anchore CVE | Medium | platform-python-3.6.8-70.el8_10 | 0.00014 | false | ||
| CVE-2025-13837 | Anchore CVE | Medium | python36-3.6.8-39.module+el8.10.0+20784+edafcd43 | 0.00014 | false | ||
| CVE-2025-58436 | Twistlock CVE | Medium | cups-1:2.2.6-62.el8_10 | 0.00012 | false | ||
| CVE-2025-58436 | Anchore CVE | Medium | cups-libs-1:2.2.6-62.el8_10 | 0.00012 | false | ||
| CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 | 0.00012 | false | ||
| CVE-2023-42503 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 | 0.00011 | false | ||
| RHSA-2025:22063 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:21977 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:21776 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:20034 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:19276 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:18286 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:17415 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:15702 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:14900 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:14560 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:14557 | OSCAP Compliance | Low | N/A | N/A | |||
| RHSA-2025:14135 | OSCAP Compliance | Low | N/A | N/A | |||
| PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.13.2 | N/A | N/A | ||
| PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | N/A | N/A | ||
| PRISMA-2021-0055 | Twistlock CVE | Low | commons-codec_commons-codec-1.12 | N/A | N/A | ||
| GHSA-xwmg-2g98-w7v9 | Anchore CVE | Medium | nimbus-jose-jwt-9.31 | N/A | N/A | ||
| GHSA-xwmg-2g98-w7v9 | Anchore CVE | Medium | nimbus-jose-jwt-9.8.1 | N/A | N/A | ||
| GHSA-xq3w-v528-46rv | Anchore CVE | Medium | netty-common-4.1.86.Final | N/A | N/A | ||
| GHSA-xq3w-v528-46rv | Anchore CVE | Medium | netty-common-4.1.87.Final | N/A | N/A | ||
| GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.86.Final | N/A | N/A | ||
| GHSA-xpw8-rcwv-8f8p | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.86.Final | N/A | N/A | ||
| GHSA-xpw8-rcwv-8f8p | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.87.Final | N/A | N/A | ||
| GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.87.Final | N/A | N/A | ||
| GHSA-xjp4-hw94-mvp5 | Anchore CVE | Medium | commons-configuration2-2.1.1 | N/A | N/A | ||
| GHSA-xfrj-6vvc-3xm2 | Anchore CVE | Medium | xmlsec-2.3.0 | N/A | N/A | ||
| GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
| GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
| GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
| GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
| GHSA-wrvw-hg22-4m67 | Anchore CVE | High | protobuf-java-3.7.0 | N/A | N/A | ||
| GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcpkix-jdk18on-1.71 | N/A | N/A | ||
| GHSA-vv7r-c36w-3prj | Anchore CVE | High | commons-fileupload-1.3.3 | N/A | N/A | ||
| GHSA-vrpq-qp53-qv56 | Anchore CVE | Medium | org.eclipse.jgit-6.4.0.202211300538-r | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.9 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.9 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.3 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 | N/A | N/A | ||
| GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.3 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bctls-jdk18on-1.71 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk15on-1.70 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-rvm8-j2cp-j592 | Anchore CVE | High | pf4j-3.6.0 | N/A | N/A | ||
| GHSA-rhrv-645h-fjfh | Anchore CVE | High | avro-1.7.7 | N/A | N/A | ||
| GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 | N/A | N/A | ||
| GHSA-r978-9m6m-6gm6 | Anchore CVE | Medium | zookeeper-3.6.3 | N/A | N/A | ||
| GHSA-r7pg-v2c8-mfg3 | Anchore CVE | Critical | avro-1.7.7 | N/A | N/A | ||
| GHSA-qw69-rqj8-6qw8 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-qh8g-58pp-2wxh | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-q4rv-gq96-w7c5 | Anchore CVE | High | jetty-server-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-pvp8-3xj6-8c6x | Anchore CVE | Low | commons-configuration-1.9 | N/A | N/A | ||
| GHSA-prj3-ccx8-p6x4 | Anchore CVE | High | netty-codec-http2-4.1.86.Final | N/A | N/A | ||
| GHSA-prj3-ccx8-p6x4 | Anchore CVE | High | netty-codec-http2-4.1.87.Final | N/A | N/A | ||
| GHSA-pr98-23f8-jwxv | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-pr98-23f8-jwxv | Anchore CVE | Medium | logback-core-1.2.9 | N/A | N/A | ||
| GHSA-pr98-23f8-jwxv | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-pr98-23f8-jwxv | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-pr98-23f8-jwxv | Anchore CVE | Medium | logback-core-1.2.3 | N/A | N/A | ||
| GHSA-p53j-g8pw-4w5f | Anchore CVE | Medium | eddsa-0.3.0 | N/A | N/A | ||
| GHSA-p26g-97m4-6q7c | Anchore CVE | Low | jetty-server-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-mvr2-9pj6-7w5j | Anchore CVE | Medium | guava-14.0.1 | N/A | N/A | ||
| GHSA-mjmq-gwgm-5qhm | Anchore CVE | Medium | sshd-common-2.9.2 | N/A | N/A | ||
| GHSA-mjmq-gwgm-5qhm | Anchore CVE | Medium | sshd-sftp-2.9.2 | N/A | N/A | ||
| GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.33 | N/A | N/A | ||
| GHSA-mfj5-cf8g-g2fv | Anchore CVE | Critical | async-http-client-2.12.3 | N/A | N/A | ||
| GHSA-jqfv-jrvq-95jm | Anchore CVE | Medium | fop-core-2.8 | N/A | N/A | ||
| GHSA-jq43-27x9-3v86 | Anchore CVE | High | netty-codec-smtp-4.1.86.Final | N/A | N/A | ||
| GHSA-jmp9-x22r-554x | Anchore CVE | High | spring-core-5.3.22 | N/A | N/A | ||
| GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 | N/A | N/A | ||
| GHSA-jc7h-c423-mpjc | Anchore CVE | Medium | shiro-core-1.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang-2.6 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang-2.6 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.8.1 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.8.1 | N/A | N/A | ||
| GHSA-j26w-f9rq-mr2q | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk15on-1.70 | N/A | N/A | ||
| GHSA-hmr7-m48g-48f6 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-hhw5-c326-822h | Anchore CVE | Medium | shiro-web-1.12.0 | N/A | N/A | ||
| GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.3.3 | N/A | N/A | ||
| GHSA-h4h5-3hr4-j3g2 | Anchore CVE | Medium | protobuf-java-3.7.0 | N/A | N/A | ||
| GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.14.1 | N/A | N/A | ||
| GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.13.2 | N/A | N/A | ||
| GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.14.1 | N/A | N/A | ||
| GHSA-gwrp-pvrq-jmwv | Anchore CVE | Medium | commons-io-2.6 | N/A | N/A | ||
| GHSA-gvpg-vgmx-xg6w | Anchore CVE | High | nimbus-jose-jwt-9.31 | N/A | N/A | ||
| GHSA-gvpg-vgmx-xg6w | Anchore CVE | High | nimbus-jose-jwt-9.8.1 | N/A | N/A | ||
| GHSA-gqp3-2cvr-x8m3 | Anchore CVE | High | tomcat-coyote-9.0.106 | N/A | N/A | ||
| GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-transcoder-1.16 | N/A | N/A | ||
| GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-bridge-1.16 | N/A | N/A | ||
| GHSA-g8m5-722r-8whq | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-g5ww-5jh7-63cx | Anchore CVE | High | protobuf-java-3.7.0 | N/A | N/A | ||
| GHSA-fghv-69vj-qj49 | Anchore CVE | Low | netty-codec-http-4.1.87.Final | N/A | N/A | ||
| GHSA-fghv-69vj-qj49 | Anchore CVE | Low | netty-codec-http-4.1.86.Final | N/A | N/A | ||
| GHSA-fg2v-w576-w4v3 | Anchore CVE | High | json-smart-1.3.2 | N/A | N/A | ||
| GHSA-f5fw-25gw-5m92 | Anchore CVE | Low | hadoop-common-3.3.4 | N/A | N/A | ||
| GHSA-cj8w-v588-p8wx | Anchore CVE | High | pf4j-3.6.0 | N/A | N/A | ||
| GHSA-cgwf-w82q-5jrr | Anchore CVE | Medium | commons-compress-1.22 | N/A | N/A | ||
| GHSA-cgp8-4m63-fhh5 | Anchore CVE | Medium | commons-net-3.6 | N/A | N/A | ||
| GHSA-cfxw-4h78-h7fw | Anchore CVE | High | dnsjava-2.1.7 | N/A | N/A | ||
| GHSA-9w38-p64v-xpmv | Anchore CVE | Medium | commons-configuration2-2.1.1 | N/A | N/A | ||
| GHSA-97xg-phpr-rg8q | Anchore CVE | Critical | bcel-6.5.0 | N/A | N/A | ||
| GHSA-973x-65j7-xcf4 | Anchore CVE | High | aircompressor-0.21 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk15on-1.70 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bctls-jdk18on-1.71 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-88m4-h43f-wx84 | Anchore CVE | Critical | pmd-core-6.54.0 | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.0.1-jre | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-29.0-jre | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-14.0.1 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.8.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.7 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.8.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.11.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.8.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.11.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.6 | N/A | N/A | ||
| GHSA-735f-pc8j-v9w8 | Anchore CVE | High | protobuf-java-3.16.3 | N/A | N/A | ||
| GHSA-735f-pc8j-v9w8 | Anchore CVE | High | protobuf-java-3.21.12 | N/A | N/A | ||
| GHSA-735f-pc8j-v9w8 | Anchore CVE | High | protobuf-java-3.7.0 | N/A | N/A | ||
| GHSA-72qj-48g4-5xgx | Anchore CVE | Medium | jruby-openssl-0.14.1 | N/A | N/A | ||
| GHSA-7286-pgfv-vxvh | Anchore CVE | Critical | zookeeper-3.6.3 | N/A | N/A | ||
| GHSA-6v67-2wr5-gvf4 | Anchore CVE | Low | logback-core-1.2.3 | N/A | N/A | ||
| GHSA-6v67-2wr5-gvf4 | Anchore CVE | Low | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-6v67-2wr5-gvf4 | Anchore CVE | Low | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-6v67-2wr5-gvf4 | Anchore CVE | Low | logback-core-1.2.9 | N/A | N/A | ||
| GHSA-6v67-2wr5-gvf4 | Anchore CVE | Low | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-6p6v-m64v-jx8q | Anchore CVE | Medium | spark-network-common_2.13-3.4.0 | N/A | N/A | ||
| GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.86.Final | N/A | N/A | ||
| GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.87.Final | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bctls-jdk18on-1.71 | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-668q-qrv7-99fm | Anchore CVE | Medium | logback-core-1.2.3 | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-29.0-jre | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.0.1-jre | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-14.0.1 | N/A | N/A | ||
| GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.86.Final | N/A | N/A | ||
| GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.87.Final | N/A | N/A | ||
| GHSA-58qw-p7qm-5rvh | Twistlock CVE | Low | org.eclipse.jetty_jetty-xml-9.4.43.v20210629 | N/A | N/A | ||
| GHSA-58qw-p7qm-5rvh | Anchore CVE | Low | jetty-xml-9.4.43.v20210629 | N/A | N/A | ||
| GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.8 | N/A | N/A | ||
| GHSA-4h8f-2wvx-gg5w | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-4h8f-2wvx-gg5w | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-4h8f-2wvx-gg5w | Anchore CVE | Medium | bcprov-jdk18on-1.71 | N/A | N/A | ||
| GHSA-4gg5-vx3j-xwc7 | Anchore CVE | High | protobuf-java-3.7.0 | N/A | N/A | ||
| GHSA-4g9r-vxhx-9pgx | Anchore CVE | Medium | commons-compress-1.22 | N/A | N/A | ||
| GHSA-4g9r-vxhx-9pgx | Anchore CVE | Medium | commons-compress-1.21 | N/A | N/A | ||
| GHSA-4cx2-fc23-5wg6 | Anchore CVE | Medium | bcpkix-jdk15on-1.70 | N/A | N/A | ||
| GHSA-4cx2-fc23-5wg6 | Anchore CVE | Medium | bcpkix-jdk18on-1.71 | N/A | N/A | ||
| GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.2 | N/A | N/A | ||
| GHSA-4265-ccf5-phj5 | Anchore CVE | Medium | commons-compress-1.22 | N/A | N/A | ||
| GHSA-4265-ccf5-phj5 | Anchore CVE | Medium | commons-compress-1.21 | N/A | N/A | ||
| GHSA-3r28-rgp9-qgv4 | Anchore CVE | High | pf4j-3.6.0 | N/A | N/A | ||
| GHSA-3p8m-j85q-pgmj | Anchore CVE | Medium | netty-codec-4.1.87.Final | N/A | N/A | ||
| GHSA-3p8m-j85q-pgmj | Anchore CVE | Medium | netty-codec-4.1.86.Final | N/A | N/A | ||
| GHSA-3p86-9955-h393 | Anchore CVE | High | org.eclipse.jgit-6.4.0.202211300538-r | N/A | N/A | ||
| GHSA-3gh6-v5v9-6v9j | Anchore CVE | Low | jetty-servlets-9.4.50.v20221201 | N/A | N/A | ||
| GHSA-3f7h-mf4q-vrm4 | Anchore CVE | Medium | woodstox-core-5.3.0 | N/A | N/A | ||
| GHSA-389x-839f-4rhx | Anchore CVE | Medium | netty-common-4.1.86.Final | N/A | N/A | ||
| GHSA-389x-839f-4rhx | Anchore CVE | Medium | netty-common-4.1.87.Final | N/A | N/A | ||
| GHSA-25qh-j22f-pwp8 | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-25qh-j22f-pwp8 | Anchore CVE | Medium | logback-core-1.2.3 | N/A | N/A | ||
| GHSA-25qh-j22f-pwp8 | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-25qh-j22f-pwp8 | Anchore CVE | Medium | logback-core-1.2.11 | N/A | N/A | ||
| GHSA-25qh-j22f-pwp8 | Anchore CVE | Medium | logback-core-1.2.9 | N/A | N/A | ||
| GHSA-2474-2566-3qxp | Anchore CVE | Medium | batik-script-1.16 | N/A | N/A | ||
| GHSA-2326-hx7g-3m9r | Anchore CVE | High | sshd-common-2.9.2 | N/A | N/A | ||
| GHSA-22wj-vf5f-wrvj | Anchore CVE | High | h2-2.1.214 | N/A | N/A |
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/codedx/codedx-docker-tomcat&tag=v2023.8.2&branch=master
Tasks
Contributor:
-
Apply the StatusReview label to this issue for a merge request reviewand wait for feedback
OR
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue for a VAT justifications reviewand wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
RevieworVerificationlabel will be removed and the issue will be sent back toTo-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theRevieworVerificationlabel.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.
Edited by CHORE_TOKEN