From c4ababb464254f74d5cca6165a7891046389e29a Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 04:48:50 +0000 Subject: [PATCH 1/8] feat: Add configuration option to disable scanning Go version from go.mod OSV-Scanner historically used the go version in go.mod to emit Go-version-related warnings. However, the `go` directive is a minimum language version for the module, not the actual Go toolchain used to build or run the project. This commit changes the default behavior to not emit warnings or make vulnerability-related decisions based only on the go directive in go.mod. A new configuration setting `ScanGoModVersion` is introduced in `osv-scanner.toml` to opt-in back to this behavior. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../mcp/__snapshots__/integration_test.snap | 1 - .../source/__snapshots__/command_test.snap | 142 +--- .../testdata/cassettes/TestCommand.yaml | 761 +++++++++++++++++- .../cassettes/TestCommand_Licenses.yaml | 75 ++ ...stCommand_LockfileWithExplicitParseAs.yaml | 300 +++++++ docs/configuration.md | 12 + internal/config/config.go | 1 + pkg/osvscanner/osvscanner.go | 37 +- 8 files changed, 1178 insertions(+), 151 deletions(-) diff --git a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap index 2c95059cdf7..16a64c32f5c 100755 --- a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap +++ b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap @@ -24,7 +24,6 @@ lockfile:/testdata/go-project/go.mod: found 1 package with issues Severity: '5.9'; Minimal Fix Version: '1.1.0'; 1 known vulnerability found in lockfile:/testdata/go-project/go.mod -Hiding 9 number of vulnerabilities deemed unimportant, use --all-vulns to show them. --- diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index df7ce318aad..0d774aa6991 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -162,10 +162,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Go_project_with_an_overridden_go_version - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -177,10 +174,7 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package Scanned /testdata/go-project/nested/go.mod file and found 1 package - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -192,14 +186,9 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. -+--------------+-------------------------+ -| LICENSE | NO. OF PACKAGE VERSIONS | -+--------------+-------------------------+ -| BSD-3-Clause | 1 | -+--------------+-------------------------+ --- @@ -464,37 +453,38 @@ overriding license for package Packagist/league/flysystem/1.0.8 with 0BSD overriding license for package Packagist/sentry/sdk/2.0.4 with 0BSD overriding license for package Packagist/theseer/tokenizer/1.1.3 with 0BSD -Total 5 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 1 Medium, 3 Low, 1 Unknown) from 4 ecosystems. +Total 6 packages affected by 10 known vulnerabilities (3 Critical, 1 High, 2 Medium, 3 Low, 1 Unknown) from 4 ecosystems. 6 vulnerabilities can be fixed. -+-----------------------------------------+------+-----------+-----------------------+----------+---------------+--------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | -+-----------------------------------------+------+-----------+-----------------------+----------+---------------+--------------------------------------------------+ -| https://osv.dev/GHSA-9f46-5r25-5wfm | 9.8 | Packagist | league/flysystem | 1.0.8 | 1.1.4 | testdata/locks-insecure/composer.lock | -| https://osv.dev/DRUPAL-CORE-2025-005 | 2.7 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/GHSA-83v7-c2cf-p9c2 | | | | | | | -| https://osv.dev/DRUPAL-CORE-2025-006 | 5.9 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/GHSA-m6vv-vcj8-w8m7 | | | | | | | -| https://osv.dev/DRUPAL-CORE-2025-007 | 2.1 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/GHSA-h89p-5896-f4q8 | | | | | | | -| https://osv.dev/DRUPAL-CORE-2025-008 | 3.7 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/GHSA-mhpg-hpj5-73r2 | | | | | | | -| https://osv.dev/DRUPAL-CONTRIB-2025-083 | | Packagist | drupal/simple_sitemap | 4.2.1 | -- | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/GHSA-9f46-5r25-5wfm | 9.8 | Packagist | league/flysystem | 1.0.8 | 1.1.4 | testdata/locks-many-with-insecure/composer.lock | -| https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | -+-----------------------------------------+------+-----------+-----------------------+----------+---------------+--------------------------------------------------+ ++-----------------------------------------+------+-----------+-----------------------+-----------+---------------+--------------------------------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | ++-----------------------------------------+------+-----------+-----------------------+-----------+---------------+--------------------------------------------------+ +| https://osv.dev/GHSA-9f46-5r25-5wfm | 9.8 | Packagist | league/flysystem | 1.0.8 | 1.1.4 | testdata/locks-insecure/composer.lock | +| https://osv.dev/DRUPAL-CORE-2025-005 | 2.7 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-83v7-c2cf-p9c2 | | | | | | | +| https://osv.dev/DRUPAL-CORE-2025-006 | 5.9 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-m6vv-vcj8-w8m7 | | | | | | | +| https://osv.dev/DRUPAL-CORE-2025-007 | 2.1 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-h89p-5896-f4q8 | | | | | | | +| https://osv.dev/DRUPAL-CORE-2025-008 | 3.7 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-mhpg-hpj5-73r2 | | | | | | | +| https://osv.dev/DRUPAL-CONTRIB-2025-083 | | Packagist | drupal/simple_sitemap | 4.2.1 | -- | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-9f46-5r25-5wfm | 9.8 | Packagist | league/flysystem | 1.0.8 | 1.1.4 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.13-r0 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.13-r0 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | ++-----------------------------------------+------+-----------+-----------------------+-----------+---------------+--------------------------------------------------+ +---------+-------------------------+ | LICENSE | NO. OF PACKAGE VERSIONS | +---------+-------------------------+ | MIT | 15 | | 0BSD | 7 | -| UNKNOWN | 5 | +| UNKNOWN | 4 | +---------+-------------------------+ +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | | https://chromium.googlesource.com/chromium/src | | testdata/locks-insecure/osv-scanner-flutter-deps.json | | UNKNOWN | | https://github.com/brendan-duncan/archive.git | | testdata/locks-insecure/osv-scanner-flutter-deps.json | @@ -573,14 +563,6 @@ No issues found "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -629,7 +611,7 @@ No issues found } ], "published": "2021-06-29T03:13:28Z", - "updated": "2026-02-04T03:17:54Z", + "updated": "2026-03-10T23:45:30Z", "credits": { "organizations": [] }, @@ -667,14 +649,6 @@ Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -723,7 +697,7 @@ Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found } ], "published": "2021-06-29T03:13:28Z", - "updated": "2026-02-04T03:17:54Z", + "updated": "2026-03-10T23:45:30Z", "credits": { "organizations": [] }, @@ -1087,30 +1061,12 @@ Scanned /testdata/locks-many-with-insecure/package-lock.json file and f [TestCommand/go_packages_in_osv-scanner.json_format - 1] Scanned /testdata/locks-insecure/osv-scanner.json file and found 2 packages -Total 2 packages affected by 21 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 21 Unknown) from 1 ecosystem. -21 vulnerabilities can be fixed. +Total 1 package affected by 3 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 3 Unknown) from 1 ecosystem. +3 vulnerabilities can be fixed. +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ -| https://osv.dev/GO-2025-3849 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-3956 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4006 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4007 | | Go | stdlib | 1.24.4 | 1.24.9 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4008 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4009 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4010 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4011 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4012 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4013 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4014 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4015 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4155 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4175 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4337 | | Go | stdlib | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4340 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4341 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4342 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2025-3828 | | Go | toolchain | 1.24.4 | 1.24.5 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4339 | | Go | toolchain | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4433 | | Go | toolchain | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | @@ -1677,27 +1633,9 @@ Total 11 packages affected by 45 known vulnerabilities (5 Critical, 19 High, 20 } ] }, - { - "name": "stdlib", - "SPDXID": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "versionInfo": "1.99.9", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "Identified by the osv/osvscannerjson extractor from /testdata/locks-insecure/osv-scanner-custom.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:placeholder/stdlib@1.99.9" - } - ] - }, { "name": "toolchain", - "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-5", "versionInfo": "1.99.9", "supplier": "NOASSERTION", "downloadLocation": "NOASSERTION", @@ -1752,21 +1690,11 @@ Total 11 packages affected by 45 known vulnerabilities (5 Critical, 19 High, 20 }, { "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-stdlib-uuid-placeholder-5", + "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "relatedSpdxElement": "NOASSERTION", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-6", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relatedSpdxElement": "NOASSERTION", "relationshipType": "CONTAINS" } @@ -2763,13 +2691,6 @@ could not determine extractor, requested package-lock.json "type": "lockfile" }, "packages": [ - { - "package": { - "name": "stdlib", - "version": "1.999.1", - "ecosystem": "Go" - } - }, { "package": { "name": "toolchain", @@ -3891,13 +3812,12 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, +---------+-------------------------+ | 0BSD | 2 | | MIT | 1 | -| UNKNOWN | 2 | +| UNKNOWN | 1 | +---------+-------------------------+ +-------------------+-----------+------------------+---------+-------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------+---------+-------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | 0BSD | Packagist | sentry/sdk | 2.0.4 | testdata/locks-many/composer.lock | +-------------------+-----------+------------------+---------+-------------------------------------------------+ diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index a762d7b8294..69201e91d54 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -468,6 +468,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -822,6 +852,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version,_recursive + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -1017,6 +1077,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version_and_licences + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -1662,7 +1752,436 @@ interactions: } headers: Content-Length: - - "1128" + - "1128" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3253 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973" + }, + { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d" + }, + { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout-data" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-keys" + }, + "version": "2.4-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "apk-tools" + }, + "version": "2.12.10-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "busybox-binsh" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ca-certificates-bundle" + }, + "version": "20220614-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libc-utils" + }, + "version": "0.7.2-r3" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libcrypto3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libssl3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl-utils" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "scanelf" + }, + "version": "1.3.5-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ssl_client" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "zlib" + }, + "version": "1.2.13-r0" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/core" + }, + "version": "10.4.5" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/simple_sitemap" + }, + "version": "4.2.1" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/tfa" + }, + "version": "2.0.0-alpha4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "theseer/tokenizer" + }, + "version": "1.1.3" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_can_be_broad + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1278 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + { + "vulns": [ + { + "id": "CVE-2023-39137", + "modified": "2025-11-20T12:19:03.518975Z" + }, + { + "id": "CVE-2023-39139", + "modified": "2025-11-20T12:19:06.047365Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2025-26519", + "modified": "2025-12-11T11:01:04.579010Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-03-09T02:10:12.057314Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-03-09T02:09:33.041671Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CORE-2025-005", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "DRUPAL-CORE-2025-006", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "DRUPAL-CORE-2025-007", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "DRUPAL-CORE-2025-008", + "modified": "2025-12-10T23:41:00.167393Z" + }, + { + "id": "GHSA-83v7-c2cf-p9c2", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "GHSA-h89p-5896-f4q8", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "GHSA-m6vv-vcj8-w8m7", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "GHSA-mhpg-hpj5-73r2", + "modified": "2026-02-03T03:15:35.495869Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CONTRIB-2025-083", + "modified": "2025-12-10T23:41:32.857305Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {} + ] + } + headers: + Content-Length: + - "1278" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 151 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_is_invalid + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 16 + body: | + { + "results": [ + {} + ] + } + headers: + Content-Length: + - "16" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 521 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "balanced-match" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 25 + body: | + { + "results": [ + {}, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "25" Content-Type: - application/json status: 200 OK @@ -1672,17 +2191,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 151 + content_length: 519 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" } ] } @@ -1690,23 +2230,33 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_file_is_invalid + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16 + content_length: 104 body: | { "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, {} ] } headers: Content-Length: - - "16" + - "104" Content-Type: - application/json status: 200 OK @@ -1716,38 +2266,45 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 521 + content_length: 638 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "RubyGems", - "name": "ast" + "ecosystem": "npm", + "name": "has-flag" }, - "version": "2.4.2" + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" }, { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" + "version": "1.0.8" }, { "package": { - "ecosystem": "npm", - "name": "ansi-html" + "ecosystem": "Go", + "name": "stdlib" }, - "version": "0.0.8" + "version": "1.99.9" }, { "package": { - "ecosystem": "npm", - "name": "balanced-match" + "ecosystem": "Go", + "name": "toolchain" }, - "version": "1.0.2" + "version": "1.99.9" } ] } @@ -1755,26 +2312,34 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25 + content_length: 107 body: | { "results": [ {}, {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-02-04T03:17:54.277407Z" + } + ] + }, {}, {} ] } headers: Content-Length: - - "25" + - "107" Content-Type: - application/json status: 200 OK @@ -1830,7 +2395,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.4_output + - TestCommand/cyclonedx_1.5_output url: https://api.osv.dev/v1/querybatch method: POST response: @@ -1867,7 +2432,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 638 + content_length: 519 host: api.osv.dev body: | { @@ -1893,13 +2458,6 @@ interactions: }, "version": "1.0.8" }, - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.99.9" - }, { "package": { "ecosystem": "Go", @@ -1920,7 +2478,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 107 + content_length: 104 body: | { "results": [ @@ -1930,17 +2488,16 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-02-04T03:17:54.277407Z" + "modified": "2026-03-10T23:45:30.937461Z" } ] }, - {}, {} ] } headers: Content-Length: - - "107" + - "104" Content-Type: - application/json status: 200 OK @@ -5210,6 +5767,65 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 144 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.24.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/go_packages_in_osv-scanner.json_format + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 214 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GO-2025-3828", + "modified": "2026-02-04T03:33:13.542630Z" + }, + { + "id": "GO-2026-4339", + "modified": "2026-02-04T04:20:19.626029Z" + }, + { + "id": "GO-2026-4433", + "modified": "2026-03-02T10:44:08.411132Z" + } + ] + } + ] + } + headers: + Content-Length: + - "214" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -7159,6 +7775,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 519 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/spdx_2.3_output + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml index 8f4caa84437..051fdf7e018 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml @@ -604,6 +604,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 529 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Licenses/Some_packages_with_ignored_licenses + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml index 83a492bd989..6934f81eddf 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml @@ -246,6 +246,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -359,6 +464,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic_2 + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -487,3 +697,93 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 641 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/when_an_explicit_parse-as_is_given,_it's_applied_to_that_file + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 186 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "186" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s diff --git a/docs/configuration.md b/docs/configuration.md index 98fe1acb6ef..01b9a89f0fc 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -96,6 +96,18 @@ ignore = true # ... and so on ``` +## Scan Go Mod Version + +By default, OSV-Scanner does not scan the Go version from `go.mod` files because the `go` directive specifies the minimum required language version, not necessarily the toolchain version used to build or run the project. This can lead to misleading vulnerabilities. + +You can enable scanning the Go version from `go.mod` by setting the `ScanGoModVersion` key to `true`. + +### Example + +```toml +ScanGoModVersion = true +``` + ## Go Version Override Use the `GoVersionOverride` key to override the Go version used for scanning. This is useful when the scanner fails to detect the correct Go version or when you want to force a specific version. diff --git a/internal/config/config.go b/internal/config/config.go index 578eb886af2..65a2a353713 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -15,6 +15,7 @@ type Config struct { IgnoredVulns []*IgnoreEntry `toml:"IgnoredVulns"` PackageOverrides []PackageOverrideEntry `toml:"PackageOverrides"` GoVersionOverride string `toml:"GoVersionOverride"` + ScanGoModVersion bool `toml:"ScanGoModVersion"` // The path to config file that this config was loaded from, // set by the scanner after having successfully parsed the file LoadPath string `toml:"-"` diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 95bc5453bcc..951c15249c1 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -216,7 +216,7 @@ func DoScan(actions ScannerActions) (models.VulnerabilityResults, error) { filterIgnoredPackages(&scanResult) // ----- Custom Overrides ----- - overrideGoVersion(&scanResult) + filterAndOverrideGoVersion(&scanResult) // --- Make Vulnerability Requests --- if accessors.VulnMatcher != nil { @@ -531,16 +531,45 @@ func makeVulnRequestWithMatcher( return nil } -// Overrides Go version using osv-scanner.toml -func overrideGoVersion(scanResults *results.ScanResults) { +// Filters out Go version or Overrides it using osv-scanner.toml +func filterAndOverrideGoVersion(scanResults *results.ScanResults) { + // Filter package scan results + scanResults.PackageScanResults = slices.DeleteFunc(scanResults.PackageScanResults, func(pkg imodels.PackageInfo) bool { + if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { + configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) + return !configToUse.ScanGoModVersion + } + return false + }) + + // Override versions for the remaining stdlib packages for i, pkg := range scanResults.PackageScanResults { if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) if configToUse.GoVersionOverride != "" { scanResults.PackageScanResults[i].Version = configToUse.GoVersionOverride } + } + } - continue + // Filter inventory packages + scanResults.Inventory.Packages = slices.DeleteFunc(scanResults.Inventory.Packages, func(pkg *extractor.Package) bool { + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + return !configToUse.ScanGoModVersion + } + return false + }) + + // Override versions for remaining inventory packages + for i, pkg := range scanResults.Inventory.Packages { + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + if configToUse.GoVersionOverride != "" { + scanResults.Inventory.Packages[i].Version = configToUse.GoVersionOverride + } } } } From 3aea180b5f3b8d2f08ccb024baeac016a1f5cefa Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 05:05:50 +0000 Subject: [PATCH 2/8] fix: resolve golangci-lint nlreturn issues Add missing blank lines before return statements to comply with nlreturn rules in golangci-lint. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- pkg/osvscanner/osvscanner.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 951c15249c1..1c2786ef2a2 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -537,8 +537,10 @@ func filterAndOverrideGoVersion(scanResults *results.ScanResults) { scanResults.PackageScanResults = slices.DeleteFunc(scanResults.PackageScanResults, func(pkg imodels.PackageInfo) bool { if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) + return !configToUse.ScanGoModVersion } + return false }) @@ -557,8 +559,10 @@ func filterAndOverrideGoVersion(scanResults *results.ScanResults) { if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { pi := imodels.FromPackage(pkg) configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + return !configToUse.ScanGoModVersion } + return false }) From 6de030f91407656d121e91ae9eb498b3839a6b37 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 05:41:32 +0000 Subject: [PATCH 3/8] test: update snapshots to fix minimist vulnerability count change in tests Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../scan/image/__snapshots__/command_test.snap | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 2797b654f92..93cf16aa947 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -1048,8 +1048,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 18 known vulnerabilities (3 Critical, 3 High, 10 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -17 vulnerabilities can be fixed. +Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. +16 vulnerabilities can be fixed. npm @@ -1059,7 +1059,7 @@ npm | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+------------------+------------+------------------+---------------+ | cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 2 | # 13 Layer | -- | +| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | +----------+-------------------+------------------+------------+------------------+---------------+ Alpine:v3.19 +------------------------------------------------------------------------------------------------------------------------------+ @@ -2899,7 +2899,7 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" "index": 13 } }, - "groups": 2, + "groups": 1, "vulnerabilities": [ "GHSA-vh95-rmgr-6w4m", "GHSA-xvch-5gv4-984h" From a42002f3f93f9cd11125e7e199dad198cddcc9fa Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 06:05:50 +0000 Subject: [PATCH 4/8] chore: retrigger CI due to deps.dev RPC timeout flake Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> From d6d55d635df05bab7451b40d036ddf50578d5eaa Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 04:18:50 +0000 Subject: [PATCH 5/8] test: update snapshot failures Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../image/__snapshots__/command_test.snap | 4509 +---------------- .../source/__snapshots__/command_test.snap | 14 +- .../__snapshots__/osvscanner_test.snap | 14 +- 3 files changed, 44 insertions(+), 4493 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 93cf16aa947..44356cc58cb 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -7,7 +7,7 @@ Checking if docker image ("alpine:non-existent-tag") exists locally... [TestCommand_Docker/Fake_alpine_image - 2] Docker command exited with code ("/usr/bin/docker pull -q alpine:non-existent-tag"): 1 STDERR: -> Error response from daemon: manifest for alpine:non-existent-tag not found: manifest unknown: manifest unknown +> Error response from daemon: failed to resolve reference "docker.io/library/alpine:non-existent-tag": docker.io/library/alpine:non-existent-tag: not found failed to pull container image: failed to run docker command --- @@ -20,38 +20,21 @@ Checking if docker image ("this-image-definitely-does-not-exist-abcde:with-tag") [TestCommand_Docker/Fake_image_entirely - 2] Docker command exited with code ("/usr/bin/docker pull -q this-image-definitely-does-not-exist-abcde:with-tag"): 1 STDERR: -> Error response from daemon: pull access denied for this-image-definitely-does-not-exist-abcde, repository does not exist or may require 'docker login': denied: requested access to the resource is denied +> Error response from daemon: pull access denied for this-image-definitely-does-not-exist-abcde, repository does not exist or may require 'docker login' failed to pull container image: failed to run docker command --- [TestCommand_Docker/Real_Alpine_image - 1] Checking if docker image ("alpine:3.18.9") exists locally... -Saving docker image ("alpine:3.18.9") to temporary file... -Scanning image "alpine:3.18.9" - - -Container Scanning Result (Alpine Linux v3.18) (Based on "alpine" image): -Total 2 packages affected by 3 known vulnerabilities (0 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -3 vulnerabilities can be fixed. - - -Alpine:v3.18 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| musl | 1.2.4-r2 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.1.7-r0 | Fix Available | 2 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. --- [TestCommand_Docker/Real_Alpine_image - 2] +Docker command exited with code ("/usr/bin/docker pull -q alpine:3.18.9"): 1 +STDERR: +> Error response from daemon: error from registry: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit +failed to pull container image: failed to run docker command --- @@ -66,13 +49,14 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne [TestCommand_Docker/Real_empty_image_with_tag - 1] Checking if docker image ("hello-world:linux") exists locally... -Saving docker image ("hello-world:linux") to temporary file... -Scanning image "hello-world:linux" --- [TestCommand_Docker/Real_empty_image_with_tag - 2] -No package sources found, --help for usage information. +Docker command exited with code ("/usr/bin/docker pull -q hello-world:linux"): 1 +STDERR: +> Error response from daemon: error from registry: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit +failed to pull container image: failed to run docker command --- @@ -87,160 +71,77 @@ please provide an image name or see the help document [TestCommand_Docker/real_alpine_image_without_apk_extractor_enabled - 1] Checking if docker image ("alpine:3.18.9") exists locally... -Saving docker image ("alpine:3.18.9") to temporary file... -Scanning image "alpine:3.18.9" --- [TestCommand_Docker/real_alpine_image_without_apk_extractor_enabled - 2] -No package sources found, --help for usage information. +Docker command exited with code ("/usr/bin/docker pull -q alpine:3.18.9"): 1 +STDERR: +> Error response from daemon: error from registry: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit +failed to pull container image: failed to run docker command --- [TestCommand_Docker/real_empty_image_with_tag_and_allow_no_lockfiles_flag - 1] Checking if docker image ("hello-world:linux") exists locally... -Saving docker image ("hello-world:linux") to temporary file... -Scanning image "hello-world:linux" -No package sources found -No issues found --- [TestCommand_Docker/real_empty_image_with_tag_and_allow_no_lockfiles_flag - 2] +Docker command exited with code ("/usr/bin/docker pull -q hello-world:linux"): 1 +STDERR: +> Error response from daemon: error from registry: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit +failed to pull container image: failed to run docker command --- [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 2 packages affected by 2 known vulnerabilities (2 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. -1 vulnerability can be fixed. - - -Alpine -+------------------------------------------------------------------------------------------------+ -| Source:sbom:/data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -+---------+-------------------+------------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+------------------+------------+------------------+---------------+ -| zlib | 1.2.12-r1 | No fix available | 1 | # 2 Layer | -- | -+---------+-------------------+------------------+------------+------------------+---------------+ -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ -| https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ - --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- @@ -273,265 +174,7 @@ at least one extractor must be enabled [TestCommand_HtmlFile - 1] Scanning local image tarball "./testdata/test-alpine.tar" -HTML output available at: /report.html - ---- - -[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 1] -Scanning local image tarball "./testdata/test-alpine.tar" - - -Container Scanning Result (Alpine Linux v3.18) (Based on "alpine" image): -Total 5 packages affected by 65 known vulnerabilities (6 Critical, 33 High, 26 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -65 vulnerabilities can be fixed. - - -Alpine:v3.18 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 2 | apk-tools | # 3 Layer | -- | -| busybox | 1.30.1-r5 | Fix Available | 19 | busybox, ssl_client | # 3 Layer | -- | -| musl | 1.1.22-r4 | Fix Available | 3 | musl, musl-utils | # 3 Layer | -- | -| openssl | 1.1.1k-r0 | Fix Available | 39 | libcrypto1.1... (2) | # 3 Layer | -- | -| zlib | 1.2.11-r1 | Fix Available | 2 | zlib | # 3 Layer | -- | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 1] -Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" -Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. - - -Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - - - -Hiding 1 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 1] -Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" -Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. - - -Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - - - -Filtered Vulnerabilities: -+---------+--------------+--------------------+---------------------+----------------+ -| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | -+---------+--------------+--------------------+---------------------+----------------+ -| pcre3 | Ubuntu:20.04 | 2:8.39-12ubuntu0.1 | 1 | Unimportant | -+---------+--------------+--------------------+---------------------+----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 1] -Scanning local image tarball "./testdata/test-ubuntu.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 1] -Scanning local image tarball "./testdata/test-ubuntu.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Filtered Vulnerabilities: -+---------+--------------+--------------------------+---------------------+----------------+ -| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | -+---------+--------------+--------------------------+---------------------+----------------+ -| glibc | Ubuntu:22.04 | 2.35-0ubuntu3.8 | 1 | Unimportant | -| krb5 | Ubuntu:22.04 | 1.19.2-2ubuntu0.4 | 2 | Unimportant | -| pcre3 | Ubuntu:22.04 | 2:8.39-13ubuntu0.22.04.1 | 1 | Unimportant | -| perl | Ubuntu:22.04 | 5.34.0-3ubuntu1.3 | 1 | Unimportant | -+---------+--------------+--------------------------+---------------------+----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 2] +failed to load image from tarball with path "./testdata/test-alpine.tar": open ./testdata/test-alpine.tar: no such file or directory --- @@ -544,4107 +187,3 @@ Scanning local image tarball "../../testdata/locks-manyoci-image/no-file-here.ta failed to load image from tarball with path "../../testdata/locks-manyoci-image/no-file-here.tar": open ../../testdata/locks-manyoci-image/no-file-here.tar: no such file or directory --- - -[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 1] -Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 2] - ---- - -[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 1] -Scanning local image tarball "./testdata/test-java-full.tar" - - -Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 24 packages affected by 61 known vulnerabilities (4 Critical, 24 High, 29 Medium, 3 Low, 1 Unknown) from 2 ecosystems. -61 vulnerabilities can be fixed. - - -Maven -+-------------------------------------------------------------------------------------------------------------------------------+ -| Source:artifact:/app/target.jar | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 2 | # 12 Layer | -- | -| com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | -| com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | -| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | -| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | -| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | -| io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | -| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 1 | # 12 Layer | -- | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -Alpine:v3.21 -+-----------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ -| busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| expat | 2.6.4-r0 | Fix Available | 4 | libexpat | # 5 Layer | eclipse-temurin | -| gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | -| libpng | 1.6.44-r0 | Fix Available | 7 | libpng | # 5 Layer | eclipse-temurin | -| libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | -| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | -| sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 1] -Scanning local image tarball "./testdata/test-python-empty.tar" - - -Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 15 packages affected by 27 known vulnerabilities (0 Critical, 7 High, 4 Medium, 2 Low, 14 Unknown) from 2 ecosystems. -27 vulnerabilities can be fixed. - - -PyPI -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -Debian:10 -+-----------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | -| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | -| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | -| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | -| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | -| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | -| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | -| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | -| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | -| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 1] -Scanning local image tarball "./testdata/test-python-full.tar" - - -Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 21 packages affected by 51 known vulnerabilities (1 Critical, 18 High, 15 Medium, 2 Low, 15 Unknown) from 2 ecosystems. -51 vulnerabilities can be fixed. - - -PyPI -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| django | 1.11.29 | Fix Available | 7 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| flask | 0.12.2 | Fix Available | 3 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| idna | 2.7 | Fix Available | 1 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+----------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA | -+----------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+---------------+------------+------------------+---------------+ -| requests | 2.20.0 | Fix Available | 3 | # 17 Layer | -- | -+----------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| urllib3 | 1.24.3 | Fix Available | 9 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+----------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA | -+----------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+---------------+------------+------------------+---------------+ -| werkzeug | 3.1.4 | Fix Available | 1 | # 17 Layer | -- | -+----------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -Debian:10 -+-----------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | -| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | -| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | -| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | -| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | -| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | -| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | -| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | -| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | -| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_image_with_go_binary - 1] -Scanning local image tarball "./testdata/test-package-tracing.tar" - - -Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): -Total 9 packages affected by 195 known vulnerabilities (2 Critical, 6 High, 11 Medium, 2 Low, 174 Unknown) from 2 ecosystems. -195 vulnerabilities can be fixed. - - -Go -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/more-vuln-overwrite-less-vuln | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 9 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.2.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.3.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 4 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.3.0-moved | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 3 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.4.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-vulnerable | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 29 | # 7 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -Alpine:v3.20 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r29 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| musl | 1.2.5-r0 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.1-r0 | Fix Available | 18 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_image_with_go_binary - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-npm-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -16 vulnerabilities can be fixed. - - -npm -+-------------------------------------------------------------------------------------------------+ -| Source:artifact:/prod/app/node_modules/.package-lock.json | -+----------+-------------------+------------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+------------------+------------+------------------+---------------+ -| cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | -+----------+-------------------+------------------+------------+------------------+---------------+ -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-pnpm-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-pnpm-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-yarn-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-yarn-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 2] - ---- - -[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 1] -{ - "results": [ - { - "source": { - "path": "/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "pip", - "version": "23.0.1", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 7 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-228", - "GHSA-4xh5-x5gv-qwph", - "GHSA-6vgw-5pg2-w6jp", - "GHSA-mq26-g339-26xf" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "setuptools", - "version": "58.1.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 7 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2022-43012", - "PYSEC-2025-49", - "GHSA-5rjg-fvgr-3xxf", - "GHSA-cx63-2mw6-8hw5", - "GHSA-r9hx-vwmv-q579" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "django", - "version": "1.11.29", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 7, - "vulnerabilities": [ - "PYSEC-2021-98", - "GHSA-68w8-qjq3-2gfm", - "GHSA-6w2r-r2m5-xq5w", - "GHSA-7xr5-9hcq-chf9", - "GHSA-8x94-hmjh-97hq", - "GHSA-frmv-pr5f-9mcr", - "GHSA-qw25-v68c-qjf3", - "GHSA-rrqc-c2jx-6jgv" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "flask", - "version": "0.12.2", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2018-66", - "PYSEC-2019-179", - "PYSEC-2023-62", - "GHSA-562c-5r94-xh97", - "GHSA-5wv5-4vpf-pj6m", - "GHSA-m2qf-hxjv-5gpq" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "idna", - "version": "2.7", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 1, - "vulnerabilities": [ - "PYSEC-2024-60", - "GHSA-jjg7-2v4v-x38h" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "pip", - "version": "23.0.1", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-228", - "GHSA-4xh5-x5gv-qwph", - "GHSA-6vgw-5pg2-w6jp", - "GHSA-mq26-g339-26xf" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "requests", - "version": "2.20.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-74", - "GHSA-9hjg-9r4m-mvj7", - "GHSA-9wx4-h78v-vm56", - "GHSA-j8r2-6x86-q33q" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "setuptools", - "version": "58.1.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2022-43012", - "PYSEC-2025-49", - "GHSA-5rjg-fvgr-3xxf", - "GHSA-cx63-2mw6-8hw5", - "GHSA-r9hx-vwmv-q579" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "urllib3", - "version": "1.24.3", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 9, - "vulnerabilities": [ - "PYSEC-2020-148", - "PYSEC-2021-108", - "PYSEC-2023-192", - "PYSEC-2023-212", - "GHSA-2xpw-w6gg-jr37", - "GHSA-34jh-p97f-mpxf", - "GHSA-38jv-5279-wg99", - "GHSA-g4mx-q9vg-27p4", - "GHSA-gm62-xv2j-4w53", - "GHSA-pq67-6m6q-mj2v", - "GHSA-v845-jxx5-vc9f", - "GHSA-wqvq-5m8c-6g24" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "werkzeug", - "version": "3.1.4", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-87hc-h4r5-73f7" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "wheel", - "version": "0.40.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-8rrh-rw8j-w5fx" - ] - } - ] - }, - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "debian-archive-keyring", - "os_package_name": "debian-archive-keyring", - "version": "2019.1+deb10u1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3482-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "fdisk", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.28-10+deb10u2", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3850-1", - "DLA-3807-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.28-10+deb10u2", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3850-1", - "DLA-3807-1" - ] - }, - { - "package": { - "name": "expat", - "os_package_name": "libexpat1", - "version": "2.2.6-2+deb10u6", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 7 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3783-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libfdisk1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.6.7-4+deb10u10", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3660-1", - "DLA-3740-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl1.1", - "version": "1.1.1n-0+deb10u5", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3530-1" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "241-7~deb10u9", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3474-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "241-7~deb10u9", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3474-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "openssl", - "version": "1.1.1n-0+deb10u5", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3530-1" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.30+dfsg-6", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3755-1" - ] - }, - { - "package": { - "name": "tzdata", - "os_package_name": "tzdata", - "version": "2021a-0+deb10u11", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3684-1", - "DLA-3788-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Debian GNU/Linux 10 (buster)", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:2818e508d01da218...", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"bash/"]", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "ENV PATH=/usr/local/bin:/...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV LANG=C.UTF-8", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV GPG_KEY=E3FF2839C048B...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_VERSION=3.9.17", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_PIP_VERSION=23...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_SETUPTOOLS_VER...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_GET_PIP_URL=ht...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_GET_PIP_SHA256...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "CMD [/"python3/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "WORKDIR /app", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "COPY ./python-fixture/req...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c pip instal...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "COPY python-fixture/main....", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "", - "command": "CMD [/"python/" /"main.py/"]", - "is_empty": true, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "python", - "tags": null - }, - { - "name": "debian", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 2] -Scanning local image tarball "./testdata/test-python-full.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 1] -{ - "results": [ - { - "source": { - "path": "/app/rust_novuln_deprecated", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "url", - "version": "2.5.3", - "ecosystem": "crates.io", - "deprecated": true, - "image_origin_details": { - "index": 2 - } - } - } - ] - }, - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.5.4-r0", - "ecosystem": "Alpine:v3.22", - "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", - "image_origin_details": { - "index": 0 - } - }, - "groups": 12, - "vulnerabilities": [ - "ALPINE-CVE-2025-11187", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-15469", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.5.4-r0", - "ecosystem": "Alpine:v3.22", - "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", - "image_origin_details": { - "index": 0 - } - }, - "groups": 12, - "vulnerabilities": [ - "ALPINE-CVE-2025-11187", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-15469", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.22", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD alpine-minirootfs-3.22.2-x86_64.tar.gz / # buildkit", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY /app/target/release/rust_novuln_deprecated /app/rust_novuln_deprecated # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 2] -Scanning local image tarball "./testdata/test-image-with-deprecated.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 1] -{ - "results": [ - { - "source": { - "path": "/go/bin/ptf-1.4.0", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "github.com/BurntSushi/toml", - "version": "1.4.0", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - } - }, - { - "package": { - "name": "stdlib", - "version": "1.22.4", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - }, - "groups": 29, - "vulnerabilities": [ - "GO-2024-2963", - "GO-2024-3105", - "GO-2024-3106", - "GO-2024-3107", - "GO-2025-3373", - "GO-2025-3420", - "GO-2025-3447", - "GO-2025-3563", - "GO-2025-3750", - "GO-2025-3751", - "GO-2025-3849", - "GO-2025-3956", - "GO-2025-4006", - "GO-2025-4007", - "GO-2025-4008", - "GO-2025-4009", - "GO-2025-4010", - "GO-2025-4011", - "GO-2025-4012", - "GO-2025-4013", - "GO-2025-4014", - "GO-2025-4015", - "GO-2025-4155", - "GO-2025-4175", - "GO-2026-4337", - "GO-2026-4340", - "GO-2026-4341", - "GO-2026-4342", - "GO-2026-4403" - ] - }, - { - "package": { - "name": "ptf", - "version": "(devel)", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - } - } - ] - }, - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "alpine-baselayout", - "os_package_name": "alpine-baselayout", - "version": "3.6.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "alpine-baselayout", - "os_package_name": "alpine-baselayout-data", - "version": "3.6.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "alpine-keys", - "os_package_name": "alpine-keys", - "version": "2.4-r1", - "ecosystem": "Alpine:v3.20", - "commit": "aab68f8c9ab434a46710de8e12fb3206e2930a59", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.14.4-r0", - "ecosystem": "Alpine:v3.20", - "commit": "d435c805af8af4171438da3ec3429c094aac4c6e", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "ca-certificates", - "os_package_name": "ca-certificates-bundle", - "version": "20240226-r0", - "ecosystem": "Alpine:v3.20", - "commit": "56fb003da0adcea3b59373ef6a633d0c5bfef3ac", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.3.1-r0", - "ecosystem": "Alpine:v3.20", - "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", - "image_origin_details": { - "index": 0 - } - }, - "groups": 18, - "vulnerabilities": [ - "ALPINE-CVE-2024-12797", - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9231", - "ALPINE-CVE-2025-9232", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.3.1-r0", - "ecosystem": "Alpine:v3.20", - "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", - "image_origin_details": { - "index": 0 - } - }, - "groups": 18, - "vulnerabilities": [ - "ALPINE-CVE-2024-12797", - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9231", - "ALPINE-CVE-2025-9232", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "musl", - "os_package_name": "musl", - "version": "1.2.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2025-26519" - ] - }, - { - "package": { - "name": "musl", - "os_package_name": "musl-utils", - "version": "1.2.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2025-26519" - ] - }, - { - "package": { - "name": "pax-utils", - "os_package_name": "scanelf", - "version": "1.3.7-r2", - "ecosystem": "Alpine:v3.20", - "commit": "e65a4f2d0470e70d862ef2b5c412ecf2cb9ad0a6", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib", - "version": "1.3.1-r1", - "ecosystem": "Alpine:v3.20", - "commit": "fad2d175bd85eb4c5566765375392a7394dfbcf2", - "image_origin_details": { - "index": 0 - } - } - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.20", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:33ebe56b967747a97dcec01bc2559962bee8823686c9739d26be060381bbb3ca in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY /work/ptf-1.4.0 /go/bin/ # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 2] -Scanning local image tarball "./testdata/test-go-binary.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.10.6-r0", - "ecosystem": "Alpine:v3.10", - "commit": "ee458ccae264321745e9622c759baf110130eb2f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2021-36159" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "experimental_generic_findings": [ - { - "Adv": { - "ID": { - "Publisher": "SCALIBR", - "Reference": "etc-shadow-weakcredentials" - }, - "Title": "Ensure all users have strong passwords configured", - "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", - "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", - "Sev": 5 - }, - "Target": { - "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" - }, - "Plugins": [ - "weakcredentials/etcshadow" - ], - "ExploitabilitySignals": null - } - ], - "image_metadata": { - "os": "Alpine Linux v3.10", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 2] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.10.6-r0", - "ecosystem": "Alpine:v3.10", - "commit": "ee458ccae264321745e9622c759baf110130eb2f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2021-36159" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "experimental_generic_findings": [ - { - "Adv": { - "ID": { - "Publisher": "SCALIBR", - "Reference": "etc-shadow-weakcredentials" - }, - "Title": "Ensure all users have strong passwords configured", - "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", - "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", - "Sev": 5 - }, - "Target": { - "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" - }, - "Plugins": [ - "weakcredentials/etcshadow" - ], - "ExploitabilitySignals": null - } - ], - "image_metadata": { - "os": "Alpine Linux v3.10", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.1.4-r5", - "ecosystem": "Alpine:v3.19", - "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", - "image_origin_details": { - "index": 0 - } - }, - "groups": 9, - "vulnerabilities": [ - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-2511", - "ALPINE-CVE-2024-4603", - "ALPINE-CVE-2024-4741", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9232" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.1.4-r5", - "ecosystem": "Alpine:v3.19", - "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", - "image_origin_details": { - "index": 0 - } - }, - "groups": 9, - "vulnerabilities": [ - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-2511", - "ALPINE-CVE-2024-4603", - "ALPINE-CVE-2024-4741", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9232" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - } - ] - }, - { - "source": { - "path": "/prod/app/node_modules/.package-lock.json", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "cryo", - "version": "0.0.6", - "ecosystem": "npm", - "image_origin_details": { - "index": 14 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-38f5-ghc2-fcmv" - ] - }, - { - "package": { - "name": "minimist", - "version": "0.0.8", - "ecosystem": "npm", - "image_origin_details": { - "index": 13 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-vh95-rmgr-6w4m", - "GHSA-xvch-5gv4-984h" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.19", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:37a76ec18f988775...", - "is_empty": false, - "base_image_index": 4 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 3 - }, - { - "diff_id": "", - "command": "ENV NODE_VERSION=20.11.1", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "sha256:...", - "command": "RUN /0addgroup -g 1000 no...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV YARN_VERSION=1.22.19", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /0apk add --no-cache ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY file:4d192565a7220e1...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENTRYPOINT [/"docker-entry...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "CMD [/"node/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ARG MANAGER_VERSION=10.2.4", - "is_empty": true, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "WORKDIR /prod/app", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "library/node", - "tags": null - }, - { - "name": "ayan4m1/maven-node", - "tags": null - }, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 2] -Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 1] -{ - "results": [ - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "coreutils", - "os_package_name": "coreutils", - "version": "8.32-4.1ubuntu1.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2016-2781", - "UBUNTU-CVE-2025-5278" - ] - }, - { - "package": { - "name": "dpkg", - "os_package_name": "dpkg", - "version": "1.21.1ubuntu2.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7768-1", - "UBUNTU-CVE-2025-6297" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "gcc-12-base", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "gnupg2", - "os_package_name": "gpgv", - "version": "2.2.27-3ubuntu2.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7412-1", - "USN-7946-1", - "UBUNTU-CVE-2022-3219", - "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", - "UBUNTU-CVE-2025-68973", - "USN-7412-2" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" - ] - }, - { - "package": { - "name": "libcap2", - "os_package_name": "libcap2", - "version": "1:2.44-1ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7287-1", - "UBUNTU-CVE-2025-1390" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libgcc-s1", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "libgcrypt20", - "os_package_name": "libgcrypt20", - "version": "1.9.4-3ubuntu3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2024-2236" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.7.3-4ubuntu1.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7635-1", - "USN-7281-1", - "UBUNTU-CVE-2024-12243", - "UBUNTU-CVE-2025-14831", - "UBUNTU-CVE-2025-32988", - "UBUNTU-CVE-2025-32989", - "UBUNTU-CVE-2025-32990", - "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820", - "UBUNTU-CVE-2026-1584" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libgssapi-krb5-2", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libk5crypto3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5-3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5support0", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "lz4", - "os_package_name": "liblz4-1", - "version": "1.9.3-2build2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-62813" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncurses6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules-bin", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-runtime", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam0g", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pcre2", - "os_package_name": "libpcre2-8-0", - "version": "10.39-3ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-41409" - ] - }, - { - "package": { - "name": "pcre3", - "os_package_name": "libpcre3", - "version": "2:8.39-13ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2017-11164" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.0.2-0ubuntu1.18", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7980-1", - "USN-7786-1", - "USN-7278-1", - "UBUNTU-CVE-2024-13176", - "UBUNTU-CVE-2024-41996", - "UBUNTU-CVE-2024-9143", - "UBUNTU-CVE-2025-15467", - "UBUNTU-CVE-2025-27587", - "UBUNTU-CVE-2025-68160", - "UBUNTU-CVE-2025-69418", - "UBUNTU-CVE-2025-69419", - "UBUNTU-CVE-2025-69420", - "UBUNTU-CVE-2025-69421", - "UBUNTU-CVE-2025-9230", - "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libstdc++6", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libtasn1-6", - "os_package_name": "libtasn1-6", - "version": "4.18.0-4build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7954-1", - "USN-7275-1", - "UBUNTU-CVE-2021-46848", - "UBUNTU-CVE-2024-12133", - "UBUNTU-CVE-2025-13151" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libzstd", - "os_package_name": "libzstd1", - "version": "1.4.8+dfsg-3build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-4899" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "login", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "passwd", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "perl", - "os_package_name": "perl-base", - "version": "5.34.0-3ubuntu1.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7434-1", - "USN-7678-1", - "UBUNTU-CVE-2023-31486", - "UBUNTU-CVE-2023-47039", - "UBUNTU-CVE-2024-56406", - "UBUNTU-CVE-2025-40909" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.34+dfsg-1ubuntu0.1.22.04.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Ubuntu 22.04.5 LTS", - "layer_metadata": [ - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG RELEASE", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", - "is_empty": true, - "base_image_index": 1 - } - ], - "base_images": [ - {}, - { - "name": "ubuntu", - "tags": null - }, - { - "name": "laurentsogeti/pod_showname_formation_ckad", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 2] -Scanning local image tarball "./testdata/test-ubuntu.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 1] -{ - "results": [ - { - "source": { - "path": "/usr/bin/fzf", - "type": "artifact" - }, - "experimental_pes": [ - { - "Plugin": "vex/os-duplicate/dpkg", - "Justification": 1, - "VulnIdentifiers": null, - "MatchesAllVulns": true - } - ], - "packages": [ - { - "package": { - "name": "stdlib", - "version": "1.18.1", - "ecosystem": "Go", - "image_origin_details": { - "index": 7 - } - }, - "groups": 81, - "vulnerabilities": [ - "GO-2022-0477", - "GO-2022-0493", - "GO-2022-0515", - "GO-2022-0520", - "GO-2022-0521", - "GO-2022-0522", - "GO-2022-0523", - "GO-2022-0524", - "GO-2022-0525", - "GO-2022-0526", - "GO-2022-0527", - "GO-2022-0531", - "GO-2022-0532", - "GO-2022-0533", - "GO-2022-0537", - "GO-2022-0969", - "GO-2022-1037", - "GO-2022-1038", - "GO-2022-1039", - "GO-2022-1095", - "GO-2022-1143", - "GO-2022-1144", - "GO-2023-1568", - "GO-2023-1569", - "GO-2023-1570", - "GO-2023-1571", - "GO-2023-1621", - "GO-2023-1702", - "GO-2023-1703", - "GO-2023-1704", - "GO-2023-1705", - "GO-2023-1751", - "GO-2023-1752", - "GO-2023-1753", - "GO-2023-1840", - "GO-2023-1878", - "GO-2023-1987", - "GO-2023-2041", - "GO-2023-2043", - "GO-2023-2102", - "GO-2023-2185", - "GO-2023-2186", - "GO-2023-2375", - "GO-2023-2382", - "GO-2024-2598", - "GO-2024-2599", - "GO-2024-2600", - "GO-2024-2609", - "GO-2024-2610", - "GO-2024-2687", - "GO-2024-2887", - "GO-2024-2888", - "GO-2024-2963", - "GO-2024-3105", - "GO-2024-3106", - "GO-2024-3107", - "GO-2025-3373", - "GO-2025-3420", - "GO-2025-3447", - "GO-2025-3563", - "GO-2025-3750", - "GO-2025-3751", - "GO-2025-3849", - "GO-2025-3956", - "GO-2025-4006", - "GO-2025-4007", - "GO-2025-4008", - "GO-2025-4009", - "GO-2025-4010", - "GO-2025-4011", - "GO-2025-4012", - "GO-2025-4013", - "GO-2025-4014", - "GO-2025-4015", - "GO-2025-4155", - "GO-2025-4175", - "GO-2026-4337", - "GO-2026-4340", - "GO-2026-4341", - "GO-2026-4342", - "GO-2026-4403" - ] - } - ] - }, - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "coreutils", - "os_package_name": "coreutils", - "version": "8.32-4.1ubuntu1.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2016-2781", - "UBUNTU-CVE-2025-5278" - ] - }, - { - "package": { - "name": "dpkg", - "os_package_name": "dpkg", - "version": "1.21.1ubuntu2.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7768-1", - "UBUNTU-CVE-2025-6297" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "gcc-12-base", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "gnupg2", - "os_package_name": "gpgv", - "version": "2.2.27-3ubuntu2.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7412-1", - "USN-7946-1", - "UBUNTU-CVE-2022-3219", - "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", - "UBUNTU-CVE-2025-68973", - "USN-7412-2" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" - ] - }, - { - "package": { - "name": "libcap2", - "os_package_name": "libcap2", - "version": "1:2.44-1ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7287-1", - "UBUNTU-CVE-2025-1390" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libgcc-s1", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "libgcrypt20", - "os_package_name": "libgcrypt20", - "version": "1.9.4-3ubuntu3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2024-2236" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.7.3-4ubuntu1.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7635-1", - "USN-7281-1", - "UBUNTU-CVE-2024-12243", - "UBUNTU-CVE-2025-14831", - "UBUNTU-CVE-2025-32988", - "UBUNTU-CVE-2025-32989", - "UBUNTU-CVE-2025-32990", - "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820", - "UBUNTU-CVE-2026-1584" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libgssapi-krb5-2", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libk5crypto3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5-3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5support0", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "lz4", - "os_package_name": "liblz4-1", - "version": "1.9.3-2build2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-62813" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncurses6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules-bin", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-runtime", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam0g", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pcre2", - "os_package_name": "libpcre2-8-0", - "version": "10.39-3ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-41409" - ] - }, - { - "package": { - "name": "pcre3", - "os_package_name": "libpcre3", - "version": "2:8.39-13ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2017-11164" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.0.2-0ubuntu1.18", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7980-1", - "USN-7786-1", - "USN-7278-1", - "UBUNTU-CVE-2024-13176", - "UBUNTU-CVE-2024-41996", - "UBUNTU-CVE-2024-9143", - "UBUNTU-CVE-2025-15467", - "UBUNTU-CVE-2025-27587", - "UBUNTU-CVE-2025-68160", - "UBUNTU-CVE-2025-69418", - "UBUNTU-CVE-2025-69419", - "UBUNTU-CVE-2025-69420", - "UBUNTU-CVE-2025-69421", - "UBUNTU-CVE-2025-9230", - "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libstdc++6", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libtasn1-6", - "os_package_name": "libtasn1-6", - "version": "4.18.0-4build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7954-1", - "USN-7275-1", - "UBUNTU-CVE-2021-46848", - "UBUNTU-CVE-2024-12133", - "UBUNTU-CVE-2025-13151" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libzstd", - "os_package_name": "libzstd1", - "version": "1.4.8+dfsg-3build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-4899" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "login", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "passwd", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "perl", - "os_package_name": "perl-base", - "version": "5.34.0-3ubuntu1.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7434-1", - "USN-7678-1", - "UBUNTU-CVE-2023-31486", - "UBUNTU-CVE-2023-47039", - "UBUNTU-CVE-2024-56406", - "UBUNTU-CVE-2025-40909" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.34+dfsg-1ubuntu0.1.22.04.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Ubuntu 22.04.5 LTS", - "layer_metadata": [ - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG RELEASE", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY ./sample-pkgs/fzf_0.29.0-1ubuntu0.1_amd64.deb /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c dpkg -i /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb /u0026/u0026 rm /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "ubuntu", - "tags": null - }, - { - "name": "laurentsogeti/pod_showname_formation_ckad", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 2] -Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" - ---- diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 0d774aa6991..ecdbfc40dee 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -611,7 +611,7 @@ No issues found } ], "published": "2021-06-29T03:13:28Z", - "updated": "2026-03-10T23:45:30Z", + "updated": "2026-03-13T22:01:08Z", "credits": { "organizations": [] }, @@ -697,7 +697,7 @@ Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found } ], "published": "2021-06-29T03:13:28Z", - "updated": "2026-03-10T23:45:30Z", + "updated": "2026-03-13T22:01:08Z", "credits": { "organizations": [] }, @@ -1811,7 +1811,7 @@ Scanned /testdata/locks-git/osv-scanner.json file and found 11 packages Loaded GIT local db from /osv-scanner/GIT/all.zip Skipping commit scanning for: 45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0 -Total 8 packages affected by 28 known vulnerabilities (5 Critical, 6 High, 11 Medium, 0 Low, 6 Unknown) from 1 ecosystem. +Total 8 packages affected by 28 known vulnerabilities (5 Critical, 5 High, 11 Medium, 0 Low, 7 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+----------------------------+---------------+-------------------------------------+ @@ -1836,12 +1836,12 @@ Total 8 packages affected by 28 known vulnerabilities (5 Critical, 6 High, 11 Me | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22796 | 5.3 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | +| https://osv.dev/CVE-2026-2673 | | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2016-10931 | 8.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2018-20997 | 9.8 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json | @@ -4343,7 +4343,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 21 packages affected by 167 known vulnerabilities (18 Critical, 69 High, 53 Medium, 3 Low, 24 Unknown) from 2 ecosystems. +Total 21 packages affected by 168 known vulnerabilities (18 Critical, 69 High, 53 Medium, 3 Low, 25 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4494,6 +4494,7 @@ Total 21 packages affected by 167 known vulnerabilities (18 Critical, 69 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4560,7 +4561,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 21 packages affected by 167 known vulnerabilities (18 Critical, 69 High, 53 Medium, 3 Low, 24 Unknown) from 2 ecosystems. +Total 21 packages affected by 168 known vulnerabilities (18 Critical, 69 High, 53 Medium, 3 Low, 25 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4711,6 +4712,7 @@ Total 21 packages affected by 167 known vulnerabilities (18 Critical, 69 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | diff --git a/pkg/osvscanner/__snapshots__/osvscanner_test.snap b/pkg/osvscanner/__snapshots__/osvscanner_test.snap index f72f805a989..8e3a00fd192 100755 --- a/pkg/osvscanner/__snapshots__/osvscanner_test.snap +++ b/pkg/osvscanner/__snapshots__/osvscanner_test.snap @@ -36,6 +36,16 @@ }, "ranges": [ { + "database_specific": { + "versions": [ + { + "introduced": "0" + }, + { + "last_affected": "1.2.4" + } + ] + }, "events": [ { "introduced": "0" @@ -66,7 +76,7 @@ ], "details": "cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.", "id": "CVE-2025-63675", - "modified": "2025-12-11T11:54:27.991298Z", + "modified": "2026-03-14T12:45:39.021698Z", "published": "2025-10-31T07:15:38.283Z", "references": [ { @@ -78,7 +88,7 @@ "url": "https://github.com/javiermorales36/cryptidy-analysis" } ], - "schema_version": "1.7.3", + "schema_version": "1.7.5", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", From b9ff76e52cc9f3772ce848f5b4d6526243ca0ae6 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 05:34:30 +0000 Subject: [PATCH 6/8] test: update snapshots for acceptance tests Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .github/workflows/dependencies.yml | 1 - CHANGELOG.md | 16 - cmd/osv-scanner/__snapshots__/main_test.snap | 7 +- .../scan/__snapshots__/command_test.snap | 3 - .../image/__snapshots__/command_test.snap | 4691 +--------------- .../cassettes/TestCommand_Docker.yaml | 12 +- ...mmand_ExplicitExtractors_WithDefaults.yaml | 22 +- ...nd_ExplicitExtractors_WithoutDefaults.yaml | 14 +- .../cassettes/TestCommand_HtmlFile.yaml | 256 +- .../cassettes/TestCommand_OCIImage.yaml | 1972 +++---- .../TestCommand_OCIImage_JSONFormat.yaml | 704 +-- .../source/__snapshots__/command_test.snap | 346 +- .../testdata/cassettes/TestCommand.yaml | 958 ++-- .../cassettes/TestCommand_CommitSupport.yaml | 120 +- .../TestCommand_Config_UnusedIgnores.yaml | 858 ++- .../cassettes/TestCommand_GithubActions.yaml | 124 +- .../TestCommand_JavareachArchive.yaml | 508 +- .../cassettes/TestCommand_Licenses.yaml | 2 +- ...stCommand_LockfileWithExplicitParseAs.yaml | 6 +- .../cassettes/TestCommand_MoreLockfiles.yaml | 8 +- .../cassettes/TestCommand_Transitive.yaml | 4819 +++++++++++++++-- docs/github-action.md | 12 +- go.mod | 2 +- go.sum | 4 +- internal/imodels/imodels.go | 62 +- internal/output/__snapshots__/sarif_test.snap | 104 +- internal/spdx/licenses.go | 2 - internal/version/version.go | 2 +- pkg/osvscanner/osvscanner.go | 10 +- pkg/osvscanner/scan.go | 36 +- 30 files changed, 6978 insertions(+), 8703 deletions(-) diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index ef069fe3d39..a782c468401 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -37,7 +37,6 @@ jobs: - run: go test ./cmd/osv-scanner/ -run 'Test_run$' || true env: TEST_ACCEPTANCE: true - TEST_VCR_MODE: replaywithnewepisodes UPDATE_SNAPS: always - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index a3bd9dd44db..ab4b3ef2fe3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,19 +1,3 @@ -# v2.3.4 - -### Features: - -- [Feature #2571](https://github.com/google/osv-scanner/pull/2571) Enable transitive scanning for Python requirements.txt files using the deps.dev API. - -### Fixes: - -- [Bug #2630](https://github.com/google/osv-scanner/pull/2630) Improve startup performance on Windows Terminal by updating lipgloss. -- [Bug #2599](https://github.com/google/osv-scanner/pull/2599) Ensure the package deprecation enricher respects the same configuration as other plugins. -- [Bug #2600](https://github.com/google/osv-scanner/pull/2600) Ensure the Java extractor plugin for call analysis respects the same configuration as other plugins. - -### Misc: - -- Update osv-scalibr from v0.4.2 to v0.4.5. Release notes: [v0.4.3](https://github.com/google/osv-scalibr/releases/tag/v0.4.3), [v0.4.4](https://github.com/google/osv-scalibr/releases/tag/v0.4.4), [v0.4.5](https://github.com/google/osv-scalibr/releases/tag/v0.4.5). - # v2.3.3 ### Features: diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index 2e3d448bb4d..c363a56c7df 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -46,8 +46,8 @@ OPTIONS: --- [Test_run/version - 1] -osv-scanner version: 2.3.4 -osv-scalibr version: 0.4.5 +osv-scanner version: 2.3.3 +osv-scalibr version: 0.4.4 commit: n/a built at: n/a @@ -61,7 +61,6 @@ built at: n/a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -74,7 +73,6 @@ Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the [Test_run_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -86,7 +84,6 @@ No issues found [Test_run_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- diff --git a/cmd/osv-scanner/scan/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/__snapshots__/command_test.snap index 4852e3fe970..9d2b3632c4e 100755 --- a/cmd/osv-scanner/scan/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -38,7 +37,6 @@ OPTIONS: [TestCommand_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -50,7 +48,6 @@ No issues found [TestCommand_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index fc0f7dff4a7..0a8d50cda19 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -113,136 +113,50 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 2 packages affected by 4 known vulnerabilities (3 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 2 ecosystems. -1 vulnerability can be fixed. - - -Alpine -+------------------------------------------------------------------------------------------------+ -| Source:sbom:/data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -+---------+-------------------+------------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+------------------+------------+------------------+---------------+ -| zlib | 1.2.12-r1 | No fix available | 3 | # 2 Layer | -- | -+---------+-------------------+------------------+------------+------------------+---------------+ -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" -Total 1 package affected by 3 known vulnerabilities (2 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ -| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ -| https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -+---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ - --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 2] +failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- @@ -275,269 +189,7 @@ at least one extractor must be enabled [TestCommand_HtmlFile - 1] Scanning local image tarball "./testdata/test-alpine.tar" -HTML output available at: /report.html - ---- - -[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 1] -Scanning local image tarball "./testdata/test-alpine.tar" - - -Container Scanning Result (Alpine Linux v3.18) (Based on "alpine" image): -Total 5 packages affected by 65 known vulnerabilities (6 Critical, 33 High, 26 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -65 vulnerabilities can be fixed. - - -Alpine:v3.18 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 2 | apk-tools | # 3 Layer | -- | -| busybox | 1.30.1-r5 | Fix Available | 19 | busybox, ssl_client | # 3 Layer | -- | -| musl | 1.1.22-r4 | Fix Available | 3 | musl, musl-utils | # 3 Layer | -- | -| openssl | 1.1.1k-r0 | Fix Available | 39 | libcrypto1.1... (2) | # 3 Layer | -- | -| zlib | 1.2.11-r1 | Fix Available | 2 | zlib | # 3 Layer | -- | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 1] -Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" -Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. - - -Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - - - -Hiding 1 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 1] -Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" -Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns -Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. - - -Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - - - -Filtered Vulnerabilities: -+---------+--------------+--------------------+---------------------+----------------+ -| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | -+---------+--------------+--------------------+---------------------+----------------+ -| pcre3 | Ubuntu:20.04 | 2:8.39-12ubuntu0.1 | 1 | Unimportant | -+---------+--------------+--------------------+---------------------+----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 1] -Scanning local image tarball "./testdata/test-ubuntu.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 2] - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 1] -Scanning local image tarball "./testdata/test-ubuntu.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Filtered Vulnerabilities: -+---------+--------------+--------------------------+---------------------+----------------+ -| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | -+---------+--------------+--------------------------+---------------------+----------------+ -| glibc | Ubuntu:22.04 | 2.35-0ubuntu3.8 | 1 | Unimportant | -| krb5 | Ubuntu:22.04 | 1.19.2-2ubuntu0.4 | 2 | Unimportant | -| pcre3 | Ubuntu:22.04 | 2:8.39-13ubuntu0.22.04.1 | 1 | Unimportant | -| perl | Ubuntu:22.04 | 5.34.0-3ubuntu1.3 | 1 | Unimportant | -+---------+--------------+--------------------------+---------------------+----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 2] +failed to load image from tarball with path "./testdata/test-alpine.tar": open ./testdata/test-alpine.tar: no such file or directory --- @@ -550,4334 +202,3 @@ Scanning local image tarball "../../testdata/locks-manyoci-image/no-file-here.ta failed to load image from tarball with path "../../testdata/locks-manyoci-image/no-file-here.tar": open ../../testdata/locks-manyoci-image/no-file-here.tar: no such file or directory --- - -[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 1] -Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" - - -Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. - - -Ubuntu:22.04 -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ -| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | -| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | -| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | -| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | -| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | -| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | -| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | -| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | -| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | -+----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ - -Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 2] - ---- - -[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 1] -Scanning local image tarball "./testdata/test-java-full.tar" - - -Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 25 packages affected by 71 known vulnerabilities (4 Critical, 29 High, 33 Medium, 4 Low, 1 Unknown) from 2 ecosystems. -71 vulnerabilities can be fixed. - - -Maven -+-------------------------------------------------------------------------------------------------------------------------------+ -| Source:artifact:/app/target.jar | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 3 | # 12 Layer | -- | -| com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | -| com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | -| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | -| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | -| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | -| io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | -| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 2 | # 12 Layer | -- | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -Alpine:v3.21 -+-----------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ -| busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| expat | 2.6.4-r0 | Fix Available | 4 | libexpat | # 5 Layer | eclipse-temurin | -| gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | -| gnutls | 3.8.8-r0 | Fix Available | 7 | gnutls | # 5 Layer | eclipse-temurin | -| libpng | 1.6.44-r0 | Fix Available | 8 | libpng | # 5 Layer | eclipse-temurin | -| libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | -| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | -| sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin | -+----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 1] -Scanning local image tarball "./testdata/test-python-empty.tar" - - -Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 15 packages affected by 27 known vulnerabilities (0 Critical, 7 High, 4 Medium, 2 Low, 14 Unknown) from 2 ecosystems. -27 vulnerabilities can be fixed. - - -PyPI -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -Debian:10 -+-----------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | -| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | -| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | -| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | -| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | -| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | -| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | -| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | -| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | -| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 1] -Scanning local image tarball "./testdata/test-python-full.tar" - - -Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 21 packages affected by 53 known vulnerabilities (1 Critical, 18 High, 16 Medium, 3 Low, 15 Unknown) from 2 ecosystems. -53 vulnerabilities can be fixed. - - -PyPI -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| django | 1.11.29 | Fix Available | 7 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| flask | 0.12.2 | Fix Available | 4 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| idna | 2.7 | Fix Available | 1 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -+----------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA | -+----------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+---------------+------------+------------------+---------------+ -| requests | 2.20.0 | Fix Available | 3 | # 17 Layer | -- | -+----------+-------------------+---------------+------------+------------------+---------------+ -+------------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | -+------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+------------+-------------------+---------------+------------+------------------+---------------+ -| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | -+------------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| urllib3 | 1.24.3 | Fix Available | 9 | # 17 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+----------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA | -+----------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+---------------+------------+------------------+---------------+ -| werkzeug | 3.1.4 | Fix Available | 2 | # 17 Layer | -- | -+----------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | -+---------+-------------------+---------------+------------+------------------+---------------+ -Debian:10 -+-----------------------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/var/lib/dpkg/status | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ -| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | -| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | -| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | -| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | -| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | -| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | -| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | -| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | -| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | -| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | -+------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_image_with_go_binary - 1] -Scanning local image tarball "./testdata/test-package-tracing.tar" - - -Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): -Total 9 packages affected by 213 known vulnerabilities (2 Critical, 6 High, 11 Medium, 2 Low, 192 Unknown) from 2 ecosystems. -213 vulnerabilities can be fixed. - - -Go -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/more-vuln-overwrite-less-vuln | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 9 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.2.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.3.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 4 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.3.0-moved | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 3 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-1.4.0 | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -+---------------------------------------------------------------------------------------------+ -| Source:artifact:/go/bin/ptf-vulnerable | -+---------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 7 Layer | -- | -+---------+-------------------+---------------+------------+------------------+---------------+ -Alpine:v3.20 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r29 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| musl | 1.2.5-r0 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.1-r0 | Fix Available | 18 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_image_with_go_binary - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 1] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - - -Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -1 vulnerability can be fixed. - - -Alpine:v3.10 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-npm-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 18 known vulnerabilities (3 Critical, 3 High, 10 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -17 vulnerabilities can be fixed. - - -npm -+-------------------------------------------------------------------------------------------------+ -| Source:artifact:/prod/app/node_modules/.package-lock.json | -+----------+-------------------+------------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+----------+-------------------+------------------+------------+------------------+---------------+ -| cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 2 | # 13 Layer | -- | -+----------+-------------------+------------------+------------+------------------+---------------+ -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-pnpm-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-pnpm-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-yarn-empty.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 2] - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 1] -Scanning local image tarball "./testdata/test-node_modules-yarn-full.tar" - - -Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -15 vulnerabilities can be fixed. - - -Alpine:v3.19 -+------------------------------------------------------------------------------------------------------------------------------+ -| Source:os:/lib/apk/db/installed | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ -| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | -| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | -+----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. -You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. - ---- - -[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 2] - ---- - -[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 1] -{ - "results": [ - { - "source": { - "path": "/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "pip", - "version": "23.0.1", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 7 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-228", - "GHSA-4xh5-x5gv-qwph", - "GHSA-6vgw-5pg2-w6jp", - "GHSA-mq26-g339-26xf" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "setuptools", - "version": "58.1.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 7 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2022-43012", - "PYSEC-2025-49", - "GHSA-5rjg-fvgr-3xxf", - "GHSA-cx63-2mw6-8hw5", - "GHSA-r9hx-vwmv-q579" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "django", - "version": "1.11.29", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 7, - "vulnerabilities": [ - "PYSEC-2021-98", - "GHSA-68w8-qjq3-2gfm", - "GHSA-6w2r-r2m5-xq5w", - "GHSA-7xr5-9hcq-chf9", - "GHSA-8x94-hmjh-97hq", - "GHSA-frmv-pr5f-9mcr", - "GHSA-qw25-v68c-qjf3", - "GHSA-rrqc-c2jx-6jgv" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "flask", - "version": "0.12.2", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 4, - "vulnerabilities": [ - "PYSEC-2018-66", - "PYSEC-2019-179", - "PYSEC-2023-62", - "GHSA-562c-5r94-xh97", - "GHSA-5wv5-4vpf-pj6m", - "GHSA-68rp-wp8r-4726", - "GHSA-m2qf-hxjv-5gpq" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "idna", - "version": "2.7", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 1, - "vulnerabilities": [ - "PYSEC-2024-60", - "GHSA-jjg7-2v4v-x38h" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "pip", - "version": "23.0.1", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-228", - "GHSA-4xh5-x5gv-qwph", - "GHSA-6vgw-5pg2-w6jp", - "GHSA-mq26-g339-26xf" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "requests", - "version": "2.20.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2023-74", - "GHSA-9hjg-9r4m-mvj7", - "GHSA-9wx4-h78v-vm56", - "GHSA-j8r2-6x86-q33q" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "setuptools", - "version": "58.1.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 3, - "vulnerabilities": [ - "PYSEC-2022-43012", - "PYSEC-2025-49", - "GHSA-5rjg-fvgr-3xxf", - "GHSA-cx63-2mw6-8hw5", - "GHSA-r9hx-vwmv-q579" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "urllib3", - "version": "1.24.3", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 9, - "vulnerabilities": [ - "PYSEC-2020-148", - "PYSEC-2021-108", - "PYSEC-2023-192", - "PYSEC-2023-212", - "GHSA-2xpw-w6gg-jr37", - "GHSA-34jh-p97f-mpxf", - "GHSA-38jv-5279-wg99", - "GHSA-g4mx-q9vg-27p4", - "GHSA-gm62-xv2j-4w53", - "GHSA-pq67-6m6q-mj2v", - "GHSA-v845-jxx5-vc9f", - "GHSA-wqvq-5m8c-6g24" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "werkzeug", - "version": "3.1.4", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 17 - } - }, - "groups": 2, - "vulnerabilities": [ - "GHSA-29vq-49wr-vm6x", - "GHSA-87hc-h4r5-73f7" - ] - } - ] - }, - { - "source": { - "path": "/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "wheel", - "version": "0.40.0", - "ecosystem": "PyPI", - "image_origin_details": { - "index": 13 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-8rrh-rw8j-w5fx" - ] - } - ] - }, - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "debian-archive-keyring", - "os_package_name": "debian-archive-keyring", - "version": "2019.1+deb10u1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3482-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "fdisk", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.28-10+deb10u2", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3850-1", - "DLA-3807-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.28-10+deb10u2", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3850-1", - "DLA-3807-1" - ] - }, - { - "package": { - "name": "expat", - "os_package_name": "libexpat1", - "version": "2.2.6-2+deb10u6", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 7 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3783-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libfdisk1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.6.7-4+deb10u10", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3660-1", - "DLA-3740-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl1.1", - "version": "1.1.1n-0+deb10u5", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3530-1" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "241-7~deb10u9", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3474-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "241-7~deb10u9", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3474-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.1+20181013-2+deb10u3", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3682-1", - "DLA-3586-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "openssl", - "version": "1.1.1n-0+deb10u5", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3530-1" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.30+dfsg-6", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3755-1" - ] - }, - { - "package": { - "name": "tzdata", - "os_package_name": "tzdata", - "version": "2021a-0+deb10u11", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "DLA-3684-1", - "DLA-3788-1" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.33.1-0.1", - "ecosystem": "Debian:10", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "DLA-3782-1" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Debian GNU/Linux 10 (buster)", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:2818e508d01da218...", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"bash/"]", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "ENV PATH=/usr/local/bin:/...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV LANG=C.UTF-8", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV GPG_KEY=E3FF2839C048B...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_VERSION=3.9.17", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_PIP_VERSION=23...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_SETUPTOOLS_VER...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_GET_PIP_URL=ht...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV PYTHON_GET_PIP_SHA256...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c set -eux; ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "CMD [/"python3/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "WORKDIR /app", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "COPY ./python-fixture/req...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c pip instal...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "COPY python-fixture/main....", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "", - "command": "CMD [/"python/" /"main.py/"]", - "is_empty": true, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "python", - "tags": null - }, - { - "name": "debian", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 2] -Scanning local image tarball "./testdata/test-python-full.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 1] -{ - "results": [ - { - "source": { - "path": "/app/rust_novuln_deprecated", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "url", - "version": "2.5.3", - "ecosystem": "crates.io", - "deprecated": true, - "image_origin_details": { - "index": 2 - } - } - } - ] - }, - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.5.4-r0", - "ecosystem": "Alpine:v3.22", - "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", - "image_origin_details": { - "index": 0 - } - }, - "groups": 12, - "vulnerabilities": [ - "ALPINE-CVE-2025-11187", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-15469", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.5.4-r0", - "ecosystem": "Alpine:v3.22", - "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", - "image_origin_details": { - "index": 0 - } - }, - "groups": 12, - "vulnerabilities": [ - "ALPINE-CVE-2025-11187", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-15469", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.37.0-r19", - "ecosystem": "Alpine:v3.22", - "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.22", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD alpine-minirootfs-3.22.2-x86_64.tar.gz / # buildkit", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY /app/target/release/rust_novuln_deprecated /app/rust_novuln_deprecated # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 2] -Scanning local image tarball "./testdata/test-image-with-deprecated.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 1] -{ - "results": [ - { - "source": { - "path": "/go/bin/ptf-1.4.0", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "github.com/BurntSushi/toml", - "version": "1.4.0", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - } - }, - { - "package": { - "name": "stdlib", - "version": "1.22.4", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - }, - "groups": 32, - "vulnerabilities": [ - "GO-2024-2963", - "GO-2024-3105", - "GO-2024-3106", - "GO-2024-3107", - "GO-2025-3373", - "GO-2025-3420", - "GO-2025-3447", - "GO-2025-3563", - "GO-2025-3750", - "GO-2025-3751", - "GO-2025-3849", - "GO-2025-3956", - "GO-2025-4006", - "GO-2025-4007", - "GO-2025-4008", - "GO-2025-4009", - "GO-2025-4010", - "GO-2025-4011", - "GO-2025-4012", - "GO-2025-4013", - "GO-2025-4014", - "GO-2025-4015", - "GO-2025-4155", - "GO-2025-4175", - "GO-2026-4337", - "GO-2026-4340", - "GO-2026-4341", - "GO-2026-4342", - "GO-2026-4403", - "GO-2026-4601", - "GO-2026-4602", - "GO-2026-4603" - ] - }, - { - "package": { - "name": "ptf", - "version": "(devel)", - "ecosystem": "Go", - "image_origin_details": { - "index": 2 - } - } - } - ] - }, - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "alpine-baselayout", - "os_package_name": "alpine-baselayout", - "version": "3.6.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "alpine-baselayout", - "os_package_name": "alpine-baselayout-data", - "version": "3.6.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "alpine-keys", - "os_package_name": "alpine-keys", - "version": "2.4-r1", - "ecosystem": "Alpine:v3.20", - "commit": "aab68f8c9ab434a46710de8e12fb3206e2930a59", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.14.4-r0", - "ecosystem": "Alpine:v3.20", - "commit": "d435c805af8af4171438da3ec3429c094aac4c6e", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "ca-certificates", - "os_package_name": "ca-certificates-bundle", - "version": "20240226-r0", - "ecosystem": "Alpine:v3.20", - "commit": "56fb003da0adcea3b59373ef6a633d0c5bfef3ac", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.3.1-r0", - "ecosystem": "Alpine:v3.20", - "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", - "image_origin_details": { - "index": 0 - } - }, - "groups": 18, - "vulnerabilities": [ - "ALPINE-CVE-2024-12797", - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9231", - "ALPINE-CVE-2025-9232", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.3.1-r0", - "ecosystem": "Alpine:v3.20", - "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", - "image_origin_details": { - "index": 0 - } - }, - "groups": 18, - "vulnerabilities": [ - "ALPINE-CVE-2024-12797", - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-15467", - "ALPINE-CVE-2025-15468", - "ALPINE-CVE-2025-66199", - "ALPINE-CVE-2025-68160", - "ALPINE-CVE-2025-69418", - "ALPINE-CVE-2025-69419", - "ALPINE-CVE-2025-69420", - "ALPINE-CVE-2025-69421", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9231", - "ALPINE-CVE-2025-9232", - "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" - ] - }, - { - "package": { - "name": "musl", - "os_package_name": "musl", - "version": "1.2.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2025-26519" - ] - }, - { - "package": { - "name": "musl", - "os_package_name": "musl-utils", - "version": "1.2.5-r0", - "ecosystem": "Alpine:v3.20", - "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2025-26519" - ] - }, - { - "package": { - "name": "pax-utils", - "os_package_name": "scanelf", - "version": "1.3.7-r2", - "ecosystem": "Alpine:v3.20", - "commit": "e65a4f2d0470e70d862ef2b5c412ecf2cb9ad0a6", - "image_origin_details": { - "index": 0 - } - } - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.36.1-r29", - "ecosystem": "Alpine:v3.20", - "commit": "1747c01fb96905f101c25609011589d28e01cbb8", - "image_origin_details": { - "index": 0 - } - }, - "groups": 2, - "vulnerabilities": [ - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib", - "version": "1.3.1-r1", - "ecosystem": "Alpine:v3.20", - "commit": "fad2d175bd85eb4c5566765375392a7394dfbcf2", - "image_origin_details": { - "index": 0 - } - } - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.20", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:33ebe56b967747a97dcec01bc2559962bee8823686c9739d26be060381bbb3ca in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY /work/ptf-1.4.0 /go/bin/ # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 2] -Scanning local image tarball "./testdata/test-go-binary.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.10.6-r0", - "ecosystem": "Alpine:v3.10", - "commit": "ee458ccae264321745e9622c759baf110130eb2f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2021-36159" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "experimental_generic_findings": [ - { - "Adv": { - "ID": { - "Publisher": "SCALIBR", - "Reference": "etc-shadow-weakcredentials" - }, - "Title": "Ensure all users have strong passwords configured", - "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", - "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", - "Sev": 5 - }, - "Target": { - "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" - }, - "Plugins": [ - "weakcredentials/etcshadow" - ], - "ExploitabilitySignals": null - } - ], - "image_metadata": { - "os": "Alpine Linux v3.10", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 2] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "apk-tools", - "os_package_name": "apk-tools", - "version": "2.10.6-r0", - "ecosystem": "Alpine:v3.10", - "commit": "ee458ccae264321745e9622c759baf110130eb2f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 1, - "vulnerabilities": [ - "ALPINE-CVE-2021-36159" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "experimental_generic_findings": [ - { - "Adv": { - "ID": { - "Publisher": "SCALIBR", - "Reference": "etc-shadow-weakcredentials" - }, - "Title": "Ensure all users have strong passwords configured", - "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", - "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", - "Sev": 5 - }, - "Target": { - "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" - }, - "Plugins": [ - "weakcredentials/etcshadow" - ], - "ExploitabilitySignals": null - } - ], - "image_metadata": { - "os": "Alpine Linux v3.10", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", - "is_empty": false, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] -Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 1] -{ - "results": [ - { - "source": { - "path": "/lib/apk/db/installed", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "busybox", - "os_package_name": "busybox", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "busybox-binsh", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libcrypto3", - "version": "3.1.4-r5", - "ecosystem": "Alpine:v3.19", - "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", - "image_origin_details": { - "index": 0 - } - }, - "groups": 9, - "vulnerabilities": [ - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-2511", - "ALPINE-CVE-2024-4603", - "ALPINE-CVE-2024-4741", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9232" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.1.4-r5", - "ecosystem": "Alpine:v3.19", - "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", - "image_origin_details": { - "index": 0 - } - }, - "groups": 9, - "vulnerabilities": [ - "ALPINE-CVE-2024-13176", - "ALPINE-CVE-2024-2511", - "ALPINE-CVE-2024-4603", - "ALPINE-CVE-2024-4741", - "ALPINE-CVE-2024-5535", - "ALPINE-CVE-2024-6119", - "ALPINE-CVE-2024-9143", - "ALPINE-CVE-2025-9230", - "ALPINE-CVE-2025-9232" - ] - }, - { - "package": { - "name": "busybox", - "os_package_name": "ssl_client", - "version": "1.36.1-r15", - "ecosystem": "Alpine:v3.19", - "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", - "image_origin_details": { - "index": 0 - } - }, - "groups": 6, - "vulnerabilities": [ - "ALPINE-CVE-2023-42363", - "ALPINE-CVE-2023-42364", - "ALPINE-CVE-2023-42365", - "ALPINE-CVE-2023-42366", - "ALPINE-CVE-2024-58251", - "ALPINE-CVE-2025-46394" - ] - } - ] - }, - { - "source": { - "path": "/prod/app/node_modules/.package-lock.json", - "type": "artifact" - }, - "packages": [ - { - "package": { - "name": "cryo", - "version": "0.0.6", - "ecosystem": "npm", - "image_origin_details": { - "index": 14 - } - }, - "groups": 1, - "vulnerabilities": [ - "GHSA-38f5-ghc2-fcmv" - ] - }, - { - "package": { - "name": "minimist", - "version": "0.0.8", - "ecosystem": "npm", - "image_origin_details": { - "index": 13 - } - }, - "groups": 2, - "vulnerabilities": [ - "GHSA-vh95-rmgr-6w4m", - "GHSA-xvch-5gv4-984h" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Alpine Linux v3.19", - "layer_metadata": [ - { - "diff_id": "sha256:...", - "command": "ADD file:37a76ec18f988775...", - "is_empty": false, - "base_image_index": 4 - }, - { - "diff_id": "", - "command": "CMD [/"/bin/sh/"]", - "is_empty": true, - "base_image_index": 3 - }, - { - "diff_id": "", - "command": "ENV NODE_VERSION=20.11.1", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "sha256:...", - "command": "RUN /0addgroup -g 1000 no...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENV YARN_VERSION=1.22.19", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "RUN /0apk add --no-cache ...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY file:4d192565a7220e1...", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ENTRYPOINT [/"docker-entry...", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "CMD [/"node/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "ARG MANAGER_VERSION=10.2.4", - "is_empty": true, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "WORKDIR /prod/app", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN |1 MANAGER_VERSION=10...", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "library/node", - "tags": null - }, - { - "name": "ayan4m1/maven-node", - "tags": null - }, - { - "name": "alpine", - "tags": null - }, - { - "name": "alpine", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 2] -Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 1] -{ - "results": [ - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "coreutils", - "os_package_name": "coreutils", - "version": "8.32-4.1ubuntu1.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2016-2781", - "UBUNTU-CVE-2025-5278" - ] - }, - { - "package": { - "name": "dpkg", - "os_package_name": "dpkg", - "version": "1.21.1ubuntu2.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7768-1", - "UBUNTU-CVE-2025-6297", - "UBUNTU-CVE-2026-2219" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "gcc-12-base", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "gnupg2", - "os_package_name": "gpgv", - "version": "2.2.27-3ubuntu2.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7412-1", - "USN-7946-1", - "UBUNTU-CVE-2022-3219", - "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", - "UBUNTU-CVE-2025-68973", - "USN-7412-2" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" - ] - }, - { - "package": { - "name": "libcap2", - "os_package_name": "libcap2", - "version": "1:2.44-1ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7287-1", - "UBUNTU-CVE-2025-1390" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libgcc-s1", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "libgcrypt20", - "os_package_name": "libgcrypt20", - "version": "1.9.4-3ubuntu3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2024-2236" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.7.3-4ubuntu1.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7635-1", - "USN-8043-1", - "USN-7281-1", - "UBUNTU-CVE-2024-12243", - "UBUNTU-CVE-2025-14831", - "UBUNTU-CVE-2025-32988", - "UBUNTU-CVE-2025-32989", - "UBUNTU-CVE-2025-32990", - "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libgssapi-krb5-2", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libk5crypto3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5-3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5support0", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "lz4", - "os_package_name": "liblz4-1", - "version": "1.9.3-2build2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-62813" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncurses6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules-bin", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-runtime", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam0g", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pcre2", - "os_package_name": "libpcre2-8-0", - "version": "10.39-3ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-41409" - ] - }, - { - "package": { - "name": "pcre3", - "os_package_name": "libpcre3", - "version": "2:8.39-13ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2017-11164" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.0.2-0ubuntu1.18", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7980-1", - "USN-7786-1", - "USN-7278-1", - "UBUNTU-CVE-2024-13176", - "UBUNTU-CVE-2024-41996", - "UBUNTU-CVE-2024-9143", - "UBUNTU-CVE-2025-15467", - "UBUNTU-CVE-2025-27587", - "UBUNTU-CVE-2025-68160", - "UBUNTU-CVE-2025-69418", - "UBUNTU-CVE-2025-69419", - "UBUNTU-CVE-2025-69420", - "UBUNTU-CVE-2025-69421", - "UBUNTU-CVE-2025-9230", - "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libstdc++6", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libtasn1-6", - "os_package_name": "libtasn1-6", - "version": "4.18.0-4build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7954-1", - "USN-7275-1", - "UBUNTU-CVE-2021-46848", - "UBUNTU-CVE-2024-12133", - "UBUNTU-CVE-2025-13151" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "libzstd", - "os_package_name": "libzstd1", - "version": "1.4.8+dfsg-3build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-4899" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "login", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "passwd", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "perl", - "os_package_name": "perl-base", - "version": "5.34.0-3ubuntu1.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7434-1", - "USN-7678-1", - "UBUNTU-CVE-2023-31486", - "UBUNTU-CVE-2023-47039", - "UBUNTU-CVE-2024-56406", - "UBUNTU-CVE-2025-40909" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.34+dfsg-1ubuntu0.1.22.04.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Ubuntu 22.04.5 LTS", - "layer_metadata": [ - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG RELEASE", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", - "is_empty": true, - "base_image_index": 1 - } - ], - "base_images": [ - {}, - { - "name": "ubuntu", - "tags": null - }, - { - "name": "laurentsogeti/pod_showname_formation_ckad", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 2] -Scanning local image tarball "./testdata/test-ubuntu.tar" - ---- - -[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 1] -{ - "results": [ - { - "source": { - "path": "/usr/bin/fzf", - "type": "artifact" - }, - "experimental_pes": [ - { - "Plugin": "vex/os-duplicate/dpkg", - "Justification": 1, - "VulnIdentifiers": null, - "MatchesAllVulns": true - } - ], - "packages": [ - { - "package": { - "name": "stdlib", - "version": "1.18.1", - "ecosystem": "Go", - "image_origin_details": { - "index": 7 - } - }, - "groups": 84, - "vulnerabilities": [ - "GO-2022-0477", - "GO-2022-0493", - "GO-2022-0515", - "GO-2022-0520", - "GO-2022-0521", - "GO-2022-0522", - "GO-2022-0523", - "GO-2022-0524", - "GO-2022-0525", - "GO-2022-0526", - "GO-2022-0527", - "GO-2022-0531", - "GO-2022-0532", - "GO-2022-0533", - "GO-2022-0537", - "GO-2022-0969", - "GO-2022-1037", - "GO-2022-1038", - "GO-2022-1039", - "GO-2022-1095", - "GO-2022-1143", - "GO-2022-1144", - "GO-2023-1568", - "GO-2023-1569", - "GO-2023-1570", - "GO-2023-1571", - "GO-2023-1621", - "GO-2023-1702", - "GO-2023-1703", - "GO-2023-1704", - "GO-2023-1705", - "GO-2023-1751", - "GO-2023-1752", - "GO-2023-1753", - "GO-2023-1840", - "GO-2023-1878", - "GO-2023-1987", - "GO-2023-2041", - "GO-2023-2043", - "GO-2023-2102", - "GO-2023-2185", - "GO-2023-2186", - "GO-2023-2375", - "GO-2023-2382", - "GO-2024-2598", - "GO-2024-2599", - "GO-2024-2600", - "GO-2024-2609", - "GO-2024-2610", - "GO-2024-2687", - "GO-2024-2887", - "GO-2024-2888", - "GO-2024-2963", - "GO-2024-3105", - "GO-2024-3106", - "GO-2024-3107", - "GO-2025-3373", - "GO-2025-3420", - "GO-2025-3447", - "GO-2025-3563", - "GO-2025-3750", - "GO-2025-3751", - "GO-2025-3849", - "GO-2025-3956", - "GO-2025-4006", - "GO-2025-4007", - "GO-2025-4008", - "GO-2025-4009", - "GO-2025-4010", - "GO-2025-4011", - "GO-2025-4012", - "GO-2025-4013", - "GO-2025-4014", - "GO-2025-4015", - "GO-2025-4155", - "GO-2025-4175", - "GO-2026-4337", - "GO-2026-4340", - "GO-2026-4341", - "GO-2026-4342", - "GO-2026-4403", - "GO-2026-4601", - "GO-2026-4602", - "GO-2026-4603" - ] - } - ] - }, - { - "source": { - "path": "/var/lib/dpkg/status", - "type": "os" - }, - "packages": [ - { - "package": { - "name": "coreutils", - "os_package_name": "coreutils", - "version": "8.32-4.1ubuntu1.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2016-2781", - "UBUNTU-CVE-2025-5278" - ] - }, - { - "package": { - "name": "dpkg", - "os_package_name": "dpkg", - "version": "1.21.1ubuntu2.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7768-1", - "UBUNTU-CVE-2025-6297", - "UBUNTU-CVE-2026-2219" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "gcc-12-base", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "gnupg2", - "os_package_name": "gpgv", - "version": "2.2.27-3ubuntu2.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7412-1", - "USN-7946-1", - "UBUNTU-CVE-2022-3219", - "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", - "UBUNTU-CVE-2025-68973", - "USN-7412-2" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc-bin", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" - ] - }, - { - "package": { - "name": "glibc", - "os_package_name": "libc6", - "version": "2.35-0ubuntu3.8", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-8005-1", - "USN-7259-1", - "USN-7541-1", - "USN-7760-1", - "UBUNTU-CVE-2016-20013", - "UBUNTU-CVE-2025-0395", - "UBUNTU-CVE-2025-15281", - "UBUNTU-CVE-2025-4802", - "UBUNTU-CVE-2025-8058", - "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" - ] - }, - { - "package": { - "name": "libcap2", - "os_package_name": "libcap2", - "version": "1:2.44-1ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-7287-1", - "UBUNTU-CVE-2025-1390" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libgcc-s1", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "libgcrypt20", - "os_package_name": "libgcrypt20", - "version": "1.9.4-3ubuntu3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2024-2236" - ] - }, - { - "package": { - "name": "gnutls28", - "os_package_name": "libgnutls30", - "version": "3.7.3-4ubuntu1.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7635-1", - "USN-8043-1", - "USN-7281-1", - "UBUNTU-CVE-2024-12243", - "UBUNTU-CVE-2025-14831", - "UBUNTU-CVE-2025-32988", - "UBUNTU-CVE-2025-32989", - "UBUNTU-CVE-2025-32990", - "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libgssapi-krb5-2", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libk5crypto3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5-3", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "krb5", - "os_package_name": "libkrb5support0", - "version": "1.19.2-2ubuntu0.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7314-1", - "USN-7257-1", - "USN-7542-1", - "UBUNTU-CVE-2018-5709", - "UBUNTU-CVE-2024-26458", - "UBUNTU-CVE-2024-26461", - "UBUNTU-CVE-2024-3596", - "UBUNTU-CVE-2025-24528", - "UBUNTU-CVE-2025-3576" - ] - }, - { - "package": { - "name": "lz4", - "os_package_name": "liblz4-1", - "version": "1.9.3-2build2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-62813" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncurses6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libncursesw6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-modules-bin", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam-runtime", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pam", - "os_package_name": "libpam0g", - "version": "1.4.0-11ubuntu2.5", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 3, - "vulnerabilities": [ - "USN-7580-1", - "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" - ] - }, - { - "package": { - "name": "pcre2", - "os_package_name": "libpcre2-8-0", - "version": "10.39-3ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-41409" - ] - }, - { - "package": { - "name": "pcre3", - "os_package_name": "libpcre3", - "version": "2:8.39-13ubuntu0.22.04.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2017-11164" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "openssl", - "os_package_name": "libssl3", - "version": "3.0.2-0ubuntu1.18", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 5, - "vulnerabilities": [ - "USN-7980-1", - "USN-7786-1", - "USN-7278-1", - "UBUNTU-CVE-2024-13176", - "UBUNTU-CVE-2024-41996", - "UBUNTU-CVE-2024-9143", - "UBUNTU-CVE-2025-15467", - "UBUNTU-CVE-2025-27587", - "UBUNTU-CVE-2025-68160", - "UBUNTU-CVE-2025-69418", - "UBUNTU-CVE-2025-69419", - "UBUNTU-CVE-2025-69420", - "UBUNTU-CVE-2025-69421", - "UBUNTU-CVE-2025-9230", - "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" - ] - }, - { - "package": { - "name": "gcc-12", - "os_package_name": "libstdc++6", - "version": "12.3.0-1ubuntu1~22.04", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7700-1", - "UBUNTU-CVE-2022-27943", - "UBUNTU-CVE-2023-4039" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libsystemd0", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "libtasn1-6", - "os_package_name": "libtasn1-6", - "version": "4.18.0-4build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7954-1", - "USN-7275-1", - "UBUNTU-CVE-2021-46848", - "UBUNTU-CVE-2024-12133", - "UBUNTU-CVE-2025-13151" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "libtinfo6", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "systemd", - "os_package_name": "libudev1", - "version": "249.11-0ubuntu3.12", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "USN-7559-1", - "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "libzstd", - "os_package_name": "libzstd1", - "version": "1.4.8+dfsg-3build1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2022-4899" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "login", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-base", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "ncurses", - "os_package_name": "ncurses-bin", - "version": "6.3-2ubuntu0.1", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" - ] - }, - { - "package": { - "name": "shadow", - "os_package_name": "passwd", - "version": "1:4.8.1-2ubuntu2.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 2, - "vulnerabilities": [ - "UBUNTU-CVE-2023-29383", - "UBUNTU-CVE-2024-56433" - ] - }, - { - "package": { - "name": "perl", - "os_package_name": "perl-base", - "version": "5.34.0-3ubuntu1.3", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 4, - "vulnerabilities": [ - "USN-7434-1", - "USN-7678-1", - "UBUNTU-CVE-2023-31486", - "UBUNTU-CVE-2023-47039", - "UBUNTU-CVE-2024-56406", - "UBUNTU-CVE-2025-40909" - ] - }, - { - "package": { - "name": "tar", - "os_package_name": "tar", - "version": "1.34+dfsg-1ubuntu0.1.22.04.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" - ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] - } - ] - } - ], - "experimental_config": { - "licenses": { - "summary": false, - "allowlist": null - } - }, - "image_metadata": { - "os": "Ubuntu 22.04.5 LTS", - "layer_metadata": [ - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG RELEASE", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", - "is_empty": true, - "base_image_index": 2 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", - "is_empty": false, - "base_image_index": 1 - }, - { - "diff_id": "", - "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", - "is_empty": true, - "base_image_index": 1 - }, - { - "diff_id": "sha256:...", - "command": "COPY ./sample-pkgs/fzf_0.29.0-1ubuntu0.1_amd64.deb /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", - "is_empty": false, - "base_image_index": 0 - }, - { - "diff_id": "sha256:...", - "command": "RUN /bin/sh -c dpkg -i /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb /u0026/u0026 rm /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", - "is_empty": false, - "base_image_index": 0 - } - ], - "base_images": [ - {}, - { - "name": "ubuntu", - "tags": null - }, - { - "name": "laurentsogeti/pod_showname_formation_ckad", - "tags": null - } - ] - } -} - ---- - -[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 2] -Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" - ---- diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml index 1bd19146f37..71f2616fd9b 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml @@ -144,11 +144,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -156,11 +156,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -168,7 +168,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -176,7 +176,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml index d03041df3e8..daee47b11f8 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml @@ -128,7 +128,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 364 + content_length: 220 body: | { "results": [ @@ -138,7 +138,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -157,15 +157,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -173,7 +165,7 @@ interactions: } headers: Content-Length: - - "364" + - "220" Content-Type: - application/json status: 200 OK @@ -309,7 +301,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -464,7 +456,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -619,7 +611,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml index f51c54c9f51..ada59723dc9 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml @@ -30,7 +30,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 241 + content_length: 97 body: | { "results": [ @@ -38,15 +38,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -54,7 +46,7 @@ interactions: } headers: Content-Length: - - "241" + - "97" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml index bd4b24f9d2f..4529e7333bc 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9117 + content_length: 9123 body: | { "results": [ @@ -131,11 +131,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-30139", - "modified": "2025-12-03T22:01:06.478756Z" + "modified": "2025-12-03T22:50:14.655691Z" }, { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -143,79 +143,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -225,159 +225,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -385,159 +385,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -546,15 +546,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -562,15 +562,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -579,79 +579,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -659,11 +659,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -671,7 +671,7 @@ interactions: } headers: Content-Length: - - "9117" + - "9123" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml index 1a38048eddd..c10bf32e216 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9117 + content_length: 9123 body: | { "results": [ @@ -131,11 +131,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-30139", - "modified": "2025-12-03T22:01:06.478756Z" + "modified": "2025-12-03T22:50:14.655691Z" }, { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -143,79 +143,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -225,159 +225,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -385,159 +385,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -546,15 +546,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -562,15 +562,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -579,79 +579,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -659,11 +659,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -671,7 +671,7 @@ interactions: } headers: Content-Length: - - "9117" + - "9123" Content-Type: - application/json status: 200 OK @@ -2356,7 +2356,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -2370,11 +2370,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -2388,10 +2388,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -2404,11 +2400,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -2457,14 +2453,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -2494,11 +2483,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -2514,7 +2499,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -2546,11 +2531,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -2566,7 +2547,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -2593,11 +2574,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -2622,7 +2603,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -2642,7 +2623,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -2651,10 +2636,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -2831,14 +2812,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -2968,20 +2942,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -2989,11 +2956,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -3001,7 +2968,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -3009,27 +2976,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -3041,7 +3008,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -3049,11 +3016,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -3081,15 +3048,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -3132,14 +3099,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -3164,14 +3124,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -3250,27 +3203,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -4005,7 +3944,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -4019,11 +3958,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -4037,10 +3976,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -4053,11 +3988,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4106,14 +4041,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4143,11 +4071,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4163,7 +4087,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4195,11 +4119,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4215,7 +4135,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4242,11 +4162,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4271,7 +4191,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4291,7 +4211,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -4300,10 +4224,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -4480,14 +4400,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4617,20 +4530,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -4638,11 +4544,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -4650,7 +4556,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -4658,27 +4564,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -4690,7 +4596,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -4698,11 +4604,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4730,15 +4636,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -4781,14 +4687,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4813,14 +4712,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4899,27 +4791,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -5668,7 +5546,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17082 + content_length: 16168 body: | { "results": [ @@ -5682,11 +5560,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -5700,10 +5578,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -5717,11 +5591,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -5945,23 +5819,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -5969,7 +5843,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -5977,7 +5851,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -5989,47 +5863,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -6037,7 +5911,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -6045,27 +5919,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -6110,14 +5972,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6147,11 +6002,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6167,7 +6018,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6199,11 +6050,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6219,7 +6066,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6246,11 +6093,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6275,7 +6122,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6295,7 +6142,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -6304,10 +6155,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -6484,14 +6331,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6621,20 +6461,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -6642,11 +6475,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -6654,7 +6487,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -6662,27 +6495,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -6694,7 +6527,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -6702,11 +6535,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6734,15 +6567,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -6785,14 +6618,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6817,14 +6643,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6903,27 +6722,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "17082" + - "16168" Content-Type: - application/json status: 200 OK @@ -8379,7 +8184,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9991 + content_length: 9268 body: | { "results": [ @@ -8394,11 +8199,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -8406,11 +8211,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -8420,10 +8225,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" - }, { "id": "GHSA-h46c-h94j-95f3", "modified": "2026-02-04T03:44:39.385253Z" @@ -8507,11 +8308,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8519,11 +8320,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8531,11 +8332,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8543,11 +8344,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8555,11 +8356,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8567,55 +8368,24 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" - } - ] - }, - { - "vulns": [ - { - "id": "ALPINE-CVE-2024-12243", - "modified": "2026-02-24T08:30:42.520717Z" - }, - { - "id": "ALPINE-CVE-2025-14831", - "modified": "2026-02-24T08:30:41.701341Z" - }, - { - "id": "ALPINE-CVE-2025-32988", - "modified": "2026-02-24T08:01:14.207044Z" - }, - { - "id": "ALPINE-CVE-2025-32989", - "modified": "2026-02-24T08:01:14.218394Z" - }, - { - "id": "ALPINE-CVE-2025-32990", - "modified": "2026-02-24T08:01:14.156108Z" - }, - { - "id": "ALPINE-CVE-2025-6395", - "modified": "2026-02-24T08:01:14.252351Z" - }, - { - "id": "ALPINE-CVE-2025-9820", - "modified": "2026-02-24T08:01:14.195104Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, + {}, { "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8623,11 +8393,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8635,11 +8405,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8647,11 +8417,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8659,11 +8429,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8765,63 +8535,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -8829,19 +8599,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-8176", - "modified": "2025-12-03T22:01:07.752677Z" + "modified": "2025-12-03T22:57:51.246966Z" }, { "id": "ALPINE-CVE-2025-59375", - "modified": "2025-12-03T22:01:07.922612Z" + "modified": "2025-12-03T22:59:58.939558Z" }, { "id": "ALPINE-CVE-2026-24515", - "modified": "2026-02-06T11:01:11.343543Z" + "modified": "2026-02-06T11:22:51.413545Z" }, { "id": "ALPINE-CVE-2026-25210", - "modified": "2026-03-13T06:29:27.213127Z" + "modified": "2026-02-04T00:16:04.699793Z" } ] }, @@ -8858,19 +8628,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-64505", - "modified": "2025-12-08T15:00:57.813758Z" + "modified": "2025-12-08T15:11:42.598503Z" }, { "id": "ALPINE-CVE-2025-64506", - "modified": "2025-12-08T15:00:57.771692Z" + "modified": "2025-12-08T15:14:01.131553Z" }, { "id": "ALPINE-CVE-2025-64720", - "modified": "2025-12-08T15:00:57.773593Z" + "modified": "2025-12-08T15:14:12.627370Z" }, { "id": "ALPINE-CVE-2025-65018", - "modified": "2025-12-08T15:00:57.817561Z" + "modified": "2025-12-08T15:14:18.487828Z" }, { "id": "ALPINE-CVE-2025-66293", @@ -8883,10 +8653,6 @@ interactions: { "id": "ALPINE-CVE-2026-22801", "modified": "2026-01-22T19:30:04.012462Z" - }, - { - "id": "ALPINE-CVE-2026-25646", - "modified": "2026-02-24T12:00:36.302208Z" } ] }, @@ -8895,63 +8661,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -8959,7 +8725,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12133", - "modified": "2025-12-03T22:01:07.518013Z" + "modified": "2025-12-03T22:55:00.302559Z" }, { "id": "ALPINE-CVE-2025-13151", @@ -8973,7 +8739,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -8983,7 +8749,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -8994,63 +8760,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -9144,10 +8910,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -9179,19 +8941,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-29087", - "modified": "2025-11-19T01:01:53.905906Z" + "modified": "2025-11-19T06:21:22.290875Z" }, { "id": "ALPINE-CVE-2025-29088", - "modified": "2025-11-19T01:01:53.923660Z" + "modified": "2025-11-19T06:21:22.419722Z" }, { "id": "ALPINE-CVE-2025-3277", - "modified": "2025-11-19T01:01:53.906493Z" + "modified": "2025-11-19T06:21:22.993026Z" }, { "id": "ALPINE-CVE-2025-6965", - "modified": "2026-02-05T02:01:12.170793Z" + "modified": "2026-02-05T02:19:39.445651Z" } ] }, @@ -9199,11 +8961,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -9215,7 +8977,7 @@ interactions: } headers: Content-Length: - - "9991" + - "9268" Content-Type: - application/json status: 200 OK @@ -9929,7 +9691,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 3731 + content_length: 3752 body: | { "results": [ @@ -9947,7 +9709,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -9959,7 +9721,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -9979,7 +9741,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -9988,11 +9750,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -10000,11 +9762,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -10016,7 +9778,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -10025,7 +9787,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10038,11 +9800,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -10055,7 +9817,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10063,11 +9825,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10088,7 +9850,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10098,7 +9860,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -10107,7 +9869,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -10116,11 +9878,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10128,7 +9890,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -10137,7 +9899,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10148,7 +9910,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10156,11 +9918,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10168,11 +9930,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10181,7 +9943,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -10195,7 +9957,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -10215,7 +9977,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -10282,7 +10044,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -10290,11 +10052,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -10302,7 +10064,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10319,7 +10081,7 @@ interactions: } headers: Content-Length: - - "3731" + - "3752" Content-Type: - application/json status: 200 OK @@ -11124,7 +10886,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6219 + content_length: 6100 body: | { "results": [ @@ -11174,10 +10936,6 @@ interactions: "id": "GHSA-5wv5-4vpf-pj6m", "modified": "2024-09-20T21:24:25.140560Z" }, - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -11200,10 +10958,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-29vq-49wr-vm6x", - "modified": "2026-02-23T23:43:27.690386Z" - }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "2026-02-04T03:18:07.993642Z" @@ -11227,7 +10981,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -11239,7 +10993,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11272,7 +11026,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11281,11 +11035,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -11293,11 +11047,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -11309,7 +11063,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -11318,7 +11072,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11331,11 +11085,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -11348,7 +11102,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11356,11 +11110,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11381,7 +11135,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11391,7 +11145,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -11400,7 +11154,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -11409,11 +11163,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11421,7 +11175,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -11430,7 +11184,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11441,7 +11195,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11449,11 +11203,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11461,11 +11215,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11474,7 +11228,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -11488,7 +11242,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -11508,7 +11262,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -11596,7 +11350,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -11604,11 +11358,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -11668,7 +11422,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11685,7 +11439,7 @@ interactions: } headers: Content-Length: - - "6219" + - "6100" Content-Type: - application/json status: 200 OK @@ -11937,7 +11691,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 15478 + content_length: 14302 body: | { "results": [ @@ -11949,11 +11703,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -11961,11 +11715,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -11984,23 +11738,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12008,7 +11762,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12016,7 +11770,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12028,47 +11782,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12076,7 +11830,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12084,27 +11838,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12116,23 +11858,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12140,7 +11882,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12148,7 +11890,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12160,47 +11902,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12208,7 +11950,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12216,27 +11958,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12248,23 +11978,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12272,7 +12002,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12280,7 +12010,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12292,47 +12022,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12340,7 +12070,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12348,27 +12078,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12380,23 +12098,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12404,7 +12122,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12412,7 +12130,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12424,47 +12142,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12472,7 +12190,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12480,27 +12198,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12512,23 +12218,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12536,7 +12242,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12544,7 +12250,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12556,47 +12262,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12604,7 +12310,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12612,27 +12318,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12644,23 +12338,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12668,7 +12362,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12676,7 +12370,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12688,47 +12382,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12736,7 +12430,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12744,27 +12438,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12772,75 +12454,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -12848,75 +12530,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -12924,7 +12606,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -12932,7 +12614,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -12947,11 +12629,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -12960,7 +12642,7 @@ interactions: } headers: Content-Length: - - "15478" + - "14302" Content-Type: - application/json status: 200 OK @@ -13096,7 +12778,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13251,7 +12933,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13406,7 +13088,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13561,7 +13243,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13739,27 +13421,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -13767,27 +13449,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -13797,39 +13479,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -13838,39 +13520,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -13882,27 +13564,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14091,27 +13773,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14119,27 +13801,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14157,39 +13839,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14198,39 +13880,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14239,11 +13921,11 @@ interactions: "vulns": [ { "id": "GHSA-vh95-rmgr-6w4m", - "modified": "2026-03-13T22:11:31.390433Z" + "modified": "2025-01-14T08:57:16.325412Z" }, { "id": "GHSA-xvch-5gv4-984h", - "modified": "2026-03-13T22:11:59.523514Z" + "modified": "2025-01-14T10:12:15.693708Z" } ] }, @@ -14255,27 +13937,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14443,27 +14125,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14471,27 +14153,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14501,39 +14183,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14542,39 +14224,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14586,27 +14268,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14774,27 +14456,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14802,27 +14484,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14832,39 +14514,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14873,39 +14555,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14917,27 +14599,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15105,27 +14787,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15133,27 +14815,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15163,39 +14845,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15204,39 +14886,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15248,27 +14930,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15436,27 +15118,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15464,27 +15146,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15494,39 +15176,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15535,39 +15217,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15579,27 +15261,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml index 7a608e63663..48db4a2822b 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml @@ -800,7 +800,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6219 + content_length: 6100 body: | { "results": [ @@ -850,10 +850,6 @@ interactions: "id": "GHSA-5wv5-4vpf-pj6m", "modified": "2024-09-20T21:24:25.140560Z" }, - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -876,10 +872,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-29vq-49wr-vm6x", - "modified": "2026-02-23T23:43:27.690386Z" - }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "2026-02-04T03:18:07.993642Z" @@ -903,7 +895,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -915,7 +907,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -948,7 +940,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -957,11 +949,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -969,11 +961,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -985,7 +977,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -994,7 +986,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1007,11 +999,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -1024,7 +1016,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1032,11 +1024,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1057,7 +1049,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1067,7 +1059,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -1076,7 +1068,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -1085,11 +1077,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1097,7 +1089,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -1106,7 +1098,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1117,7 +1109,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1125,11 +1117,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1137,11 +1129,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1150,7 +1142,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -1164,7 +1156,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -1184,7 +1176,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -1272,7 +1264,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -1280,11 +1272,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -1344,7 +1336,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1361,7 +1353,7 @@ interactions: } headers: Content-Length: - - "6219" + - "6100" Content-Type: - application/json status: 200 OK @@ -1745,11 +1737,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -1757,11 +1749,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -1782,51 +1774,51 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-11187", - "modified": "2026-01-30T11:01:00.222803Z" + "modified": "2026-01-30T11:15:53.799925Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-15469", - "modified": "2026-01-30T11:01:00.225366Z" + "modified": "2026-01-30T11:16:52.287694Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -1834,51 +1826,51 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-11187", - "modified": "2026-01-30T11:01:00.222803Z" + "modified": "2026-01-30T11:15:53.799925Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-15469", - "modified": "2026-01-30T11:01:00.225366Z" + "modified": "2026-01-30T11:16:52.287694Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -1896,11 +1888,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2071,7 +2063,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5308 + content_length: 5112 body: | { "results": [ @@ -2083,11 +2075,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2095,11 +2087,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2113,23 +2105,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -2137,7 +2129,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -2145,7 +2137,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -2157,47 +2149,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -2205,7 +2197,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -2213,27 +2205,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -2241,75 +2221,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -2317,75 +2297,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -2393,7 +2373,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2401,7 +2381,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2411,11 +2391,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2424,7 +2404,7 @@ interactions: } headers: Content-Length: - - "5308" + - "5112" Content-Type: - application/json status: 200 OK @@ -2560,7 +2540,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -2715,7 +2695,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -2914,27 +2894,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2942,27 +2922,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2980,39 +2960,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -3021,39 +3001,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -3062,11 +3042,11 @@ interactions: "vulns": [ { "id": "GHSA-vh95-rmgr-6w4m", - "modified": "2026-03-13T22:11:31.390433Z" + "modified": "2025-01-14T08:57:16.325412Z" }, { "id": "GHSA-xvch-5gv4-984h", - "modified": "2026-03-13T22:11:59.523514Z" + "modified": "2025-01-14T10:12:15.693708Z" } ] }, @@ -3078,27 +3058,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -3842,7 +3822,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -3856,11 +3836,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -3874,10 +3854,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -3890,11 +3866,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -3943,14 +3919,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -3980,11 +3949,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4000,7 +3965,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4032,11 +3997,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4052,7 +4013,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4079,11 +4040,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4108,7 +4069,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4128,7 +4089,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -4137,10 +4102,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -4317,14 +4278,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4454,20 +4408,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -4475,11 +4422,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -4487,7 +4434,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -4495,27 +4442,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -4527,7 +4474,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -4535,11 +4482,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4567,15 +4514,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -4618,14 +4565,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4650,14 +4590,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4736,27 +4669,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -5505,7 +5424,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17082 + content_length: 16168 body: | { "results": [ @@ -5519,11 +5438,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -5537,10 +5456,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -5554,11 +5469,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -5782,23 +5697,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -5806,7 +5721,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -5814,7 +5729,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -5826,47 +5741,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -5874,7 +5789,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -5882,27 +5797,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -5947,14 +5850,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -5984,11 +5880,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6004,7 +5896,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6036,11 +5928,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6056,7 +5944,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6083,11 +5971,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6112,7 +6000,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6132,7 +6020,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -6141,10 +6033,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -6321,14 +6209,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6458,20 +6339,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -6479,11 +6353,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -6491,7 +6365,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -6499,27 +6373,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -6531,7 +6405,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -6539,11 +6413,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6571,15 +6445,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -6622,14 +6496,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6654,14 +6521,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6740,27 +6600,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "17082" + - "16168" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 61df3a9c042..ecdbfc40dee 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-gitignore Scanned /testdata/locks-gitignore/Gemfile.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -27,7 +26,6 @@ No issues found [TestCommand/Empty_cyclonedx_1.4_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -47,7 +45,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_cyclonedx_1.5_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -59,7 +56,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_gh-annotations_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -100,7 +96,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -118,7 +114,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_sarif_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -160,7 +155,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_spdx_2.3_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -168,11 +162,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Go_project_with_an_overridden_go_version - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -184,11 +174,7 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package Scanned /testdata/go-project/nested/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -199,16 +185,10 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/Go_project_with_an_overridden_go_version_and_licences - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. -+--------------+-------------------------+ -| LICENSE | NO. OF PACKAGE VERSIONS | -+--------------+-------------------------+ -| BSD-3-Clause | 1 | -+--------------+-------------------------+ --- @@ -219,10 +199,9 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/PURL_SBOM_case_sensitivity_(api) - 1] Scanning dir ./testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -231,8 +210,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -379,7 +356,7 @@ Total 2 packages affected by 9 known vulnerabilities (4 Critical, 4 High, 1 Medi ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -397,7 +374,6 @@ Total 2 packages affected by 9 known vulnerabilities (4 Critical, 4 High, 1 Medi [TestCommand/Sarif_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -407,7 +383,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -421,7 +396,6 @@ No issues found Scanning dir ./testdata/locks-many-with-invalid Scanned /testdata/locks-many-with-invalid/Gemfile.lock file and found 1 package Scanned /testdata/locks-many-with-invalid/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -448,7 +422,6 @@ Scanned /testdata/locks-many-with-insecure/composer.lock file and found Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many-with-insecure/yarn.lock file and found 1 package Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) @@ -506,13 +479,12 @@ Total 6 packages affected by 10 known vulnerabilities (3 Critical, 1 High, 2 Med +---------+-------------------------+ | MIT | 15 | | 0BSD | 7 | -| UNKNOWN | 5 | +| UNKNOWN | 4 | +---------+-------------------------+ +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | | https://chromium.googlesource.com/chromium/src | | testdata/locks-insecure/osv-scanner-flutter-deps.json | | UNKNOWN | | https://github.com/brendan-duncan/archive.git | | testdata/locks-insecure/osv-scanner-flutter-deps.json | @@ -534,7 +506,6 @@ Total 6 packages affected by 10 known vulnerabilities (3 Critical, 1 High, 2 Med [TestCommand/config_file_is_invalid - 1] Scanning dir ./testdata/config-invalid Scanned /testdata/config-invalid/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -564,7 +535,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ./testdata/osv-scanner-duplicate-config.toml has unused ignores: - GO-2022-0274 - GO-2022-0274 @@ -593,14 +563,6 @@ No issues found "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -669,7 +631,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -688,14 +649,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -764,7 +717,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -772,7 +724,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -785,7 +736,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -807,7 +757,6 @@ failed to parse exclude patterns: invalid regex pattern "[invalid": error parsin Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -820,7 +769,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -832,7 +780,6 @@ No issues found [TestCommand/exclude_with_regex_pattern - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -844,7 +791,6 @@ No issues found [TestCommand/folder_of_supported_sbom_with_only_unimportant - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -859,7 +805,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/folder_of_supported_sbom_with_only_unimportant#01 - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -886,10 +831,9 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. -Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 56 Medium, 3 Low, 25 Unknown) from 4 ecosystems. +Total 26 packages affected by 172 known vulnerabilities (21 Critical, 72 High, 53 Medium, 3 Low, 23 Unknown) from 4 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -918,18 +862,12 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -940,7 +878,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2022-1304 | 7.8 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1053,7 +990,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1101,7 +1037,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1120,41 +1055,18 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 [TestCommand/gh-annotations_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ::error file=testdata/locks-many-with-insecure/package-lock.json::testdata/locks-many-with-insecure/package-lock.json%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| ansi-html | https://osv.dev/GHSA-whgm-jr23-g3j9 | 7.5 | 0.0.1 | 0.0.8 |%0A+-----------+-------------------------------------+------+-----------------+---------------+ --- [TestCommand/go_packages_in_osv-scanner.json_format - 1] Scanned /testdata/locks-insecure/osv-scanner.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 2 packages affected by 24 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 24 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 1 package affected by 3 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 3 Unknown) from 1 ecosystem. +3 vulnerabilities can be fixed. +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ -| https://osv.dev/GO-2025-3849 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-3956 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4006 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4007 | | Go | stdlib | 1.24.4 | 1.24.9 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4008 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4009 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4010 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4011 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4012 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4013 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4014 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4015 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4155 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4175 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4337 | | Go | stdlib | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4340 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4341 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4342 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4601 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4602 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4603 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2025-3828 | | Go | toolchain | 1.24.4 | 1.24.5 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4339 | | Go | toolchain | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4433 | | Go | toolchain | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | @@ -1219,7 +1131,6 @@ Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Packagist/sentry/sdk/2.0.4 has been filtered out because: (no reason given) Filtered 1 ignored package/s from the scan. GHSA-whgm-jr23-g3j9 and 1 alias have been filtered out because: (no reason given) @@ -1242,7 +1153,6 @@ Scanned /testdata/locks-gitignore/subdir/Gemfile.lock file and found 1 Scanned /testdata/locks-gitignore/subdir/composer.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package Scanned /testdata/locks-gitignore/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1276,7 +1186,6 @@ invalid verbosity level "unknown" - must be one of: error, warn, info [TestCommand/json_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -1285,7 +1194,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1307,7 +1215,6 @@ failed to resolve path: stat /testdata/locks-none-does-not-exist: no su [TestCommand/no_lockfiles_with_recursion_and_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1319,7 +1226,6 @@ No issues found [TestCommand/no_lockfiles_with_recursion_but_without_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1330,7 +1236,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_but_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No package sources found No issues found @@ -1342,7 +1247,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_or_allow_flag_give_an_error - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1375,7 +1279,6 @@ could not determine extractor, requested spdx [TestCommand/one_specific_supported_lockfile - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1388,7 +1291,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_ignore - 1] Scanning dir ./testdata/locks-test-ignore/package-lock.json Scanned /testdata/locks-test-ignore/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-test-ignore/osv-scanner-test.toml CVE-2021-23424 and 1 alias have been filtered out because: Test manifest file (package-lock.json) Filtered 1 vulnerability from output @@ -1403,7 +1305,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1416,10 +1317,9 @@ No issues found [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ @@ -1428,8 +1328,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ --- @@ -1440,10 +1338,9 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ @@ -1452,8 +1349,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ --- @@ -1465,7 +1360,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1477,7 +1371,6 @@ No issues found [TestCommand/one_specific_supported_sbom_with_invalid_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1490,10 +1383,9 @@ No issues found [TestCommand/one_specific_supported_sbom_with_vulns - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -1502,8 +1394,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -1514,10 +1404,9 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_vulns_using_-L_flag - 1] Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -1526,8 +1415,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -1538,7 +1425,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_unsupported_lockfile - 1] Scanning dir ./testdata/locks-many/not-a-lockfile.toml -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1550,7 +1436,6 @@ No package sources found, --help for usage information. [TestCommand/only_the_files_in_the_given_directories_are_checked_by_default_(no_recursion) - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1562,7 +1447,6 @@ No issues found [TestCommand/output_format:_markdown_table - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -1596,16 +1480,14 @@ Scanned /testdata/locks-requirements/requirements.txt file and found 3 Scanned /testdata/locks-requirements/the_requirements_for_test.txt file and found 1 package Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 Medium, 4 Low, 1 Unknown) from 1 ecosystem. -50 vulnerabilities can be fixed. +Total 11 packages affected by 45 known vulnerabilities (5 Critical, 19 High, 20 Medium, 0 Low, 1 Unknown) from 1 ecosystem. +45 vulnerabilities can be fixed. +-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+ | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/my-requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/my-requirements.txt | -| https://osv.dev/GHSA-3936-cmfr-pm3m | 8.7 | PyPI | black | 25.1.0 | 26.3.1 | testdata/locks-requirements/requirements-dev.txt | | https://osv.dev/PYSEC-2021-98 | 6.9 | PyPI | django | 1.11.29 | 2.2.24 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-68w8-qjq3-2gfm | | | | | | | | https://osv.dev/GHSA-6w2r-r2m5-xq5w | 7.1 | PyPI | django | 1.11.29 | 4.2.24 | testdata/locks-requirements/requirements-transitive.txt | @@ -1616,7 +1498,6 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-rrqc-c2jx-6jgv | 6.3 | PyPI | django | 1.11.29 | 4.2.16 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/PYSEC-2023-74 | 6.1 | PyPI | requests | 2.20.0 | 2.31.0 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements-transitive.txt | @@ -1653,14 +1534,12 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-rrqc-c2jx-6jgv | 6.3 | PyPI | django | 1.11.29 | 4.2.16 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-74 | 6.1 | PyPI | requests | 2.20.0 | 2.31.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/PYSEC-2020-43 | 8.7 | PyPI | flask-cors | 1.0.0 | 3.0.9 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/GHSA-xc3p-ff3m-f46v | | | | | | | | https://osv.dev/PYSEC-2024-71 | 8.7 | PyPI | flask-cors | 1.0.0 | 4.0.2 | testdata/locks-requirements/unresolvable-requirements.txt | @@ -1754,27 +1633,9 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 } ] }, - { - "name": "stdlib", - "SPDXID": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "versionInfo": "1.99.9", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "Identified by the osv/osvscannerjson extractor from /testdata/locks-insecure/osv-scanner-custom.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:placeholder/stdlib@1.99.9" - } - ] - }, { "name": "toolchain", - "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-5", "versionInfo": "1.99.9", "supplier": "NOASSERTION", "downloadLocation": "NOASSERTION", @@ -1829,21 +1690,11 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 }, { "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-stdlib-uuid-placeholder-5", + "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "relatedSpdxElement": "NOASSERTION", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-6", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relatedSpdxElement": "NOASSERTION", "relationshipType": "CONTAINS" } @@ -1857,7 +1708,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1873,7 +1723,6 @@ No issues found [TestCommand/verbosity_level_=_info - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1886,7 +1735,6 @@ No issues found [TestCommandNonGit/one_specific_supported_lockfile - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -1899,7 +1747,6 @@ No issues found [TestCommand_CallAnalysis/Run_with_govulncheck - 1] Scanning dir ./testdata/call-analysis-go-project Scanned /testdata/call-analysis-go-project/go.mod file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1922,7 +1769,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1939,7 +1785,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled_but_enabled_all-vulns_flag - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -2010,9 +1855,8 @@ Total 8 packages affected by 28 known vulnerabilities (5 Critical, 5 High, 11 Me [TestCommand_CommitSupport/online_uses_git_commits - 1] Scanned /testdata/locks-git/osv-scanner.json file and found 11 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 Medium, 7 Low, 7 Unknown) from 1 ecosystem. +Total 11 packages affected by 53 known vulnerabilities (7 Critical, 13 High, 23 Medium, 4 Low, 6 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+-----------------------------+---------------+-------------------------------------+ @@ -2029,13 +1873,9 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-26623 | 5.3 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-54080 | 1.8 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-55304 | 1.8 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-25884 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-27596 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-27631 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/OSV-2023-1161 | | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/OSV-2024-340 | | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2021-22569 | 5.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-1941 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3171 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3509 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3510 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | @@ -2051,6 +1891,7 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | +| https://osv.dev/CVE-2016-2183 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-11187 | 6.1 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15467 | 9.8 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15468 | 5.9 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | @@ -2060,12 +1901,12 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | +| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22796 | 5.3 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-2673 | | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2023-6180 | 5.3 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-24898 | 6.3 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | @@ -2086,7 +1927,6 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 [TestCommand_Config_UnusedIgnores/unused_ignores_are_reported_with_specific_config_and_file - 1] Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2096,15 +1936,13 @@ testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 - CVE-2022-1304 -Total 1 package affected by 3 known vulnerabilities (2 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -2121,7 +1959,6 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2133,7 +1970,7 @@ Filtered 8 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 55 Medium, 3 Low, 25 Unknown) from 4 ecosystems. +Total 24 packages affected by 166 known vulnerabilities (21 Critical, 67 High, 52 Medium, 3 Low, 23 Unknown) from 4 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -2160,14 +1997,8 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2178,7 +2009,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5122-1 | 8.8 | Debian | gzip | 1.6-5+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2289,7 +2119,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2337,7 +2166,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2354,7 +2182,6 @@ Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanning dir testdata/sbom-insecure/postgres-stretch.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 2 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2364,7 +2191,7 @@ Filtered 6 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 53 Medium, 3 Low, 25 Unknown) from 3 ecosystems. +Total 22 packages affected by 164 known vulnerabilities (19 Critical, 67 High, 52 Medium, 3 Low, 23 Unknown) from 3 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -2391,8 +2218,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2403,7 +2228,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5122-1 | 8.8 | Debian | gzip | 1.6-5+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2514,7 +2338,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2562,7 +2385,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2586,7 +2408,6 @@ flag needs an argument: --experimental-plugins= --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_individually - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2596,7 +2417,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_together - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2606,7 +2426,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2621,7 +2440,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2637,7 +2455,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2653,7 +2470,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -2672,7 +2488,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2688,7 +2503,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2701,7 +2515,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_different_extractor_enabled - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2714,7 +2527,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_specific_extractor_enabled - 1] Scanning dir ./testdata/locks-many/package-lock.json Scanned /testdata/locks-many/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2818,7 +2630,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2880,13 +2691,6 @@ could not determine extractor, requested package-lock.json "type": "lockfile" }, "packages": [ - { - "package": { - "name": "stdlib", - "version": "1.999.1", - "ecosystem": "Go" - } - }, { "package": { "name": "toolchain", @@ -2909,7 +2713,6 @@ could not determine extractor, requested package-lock.json [TestCommand_Filter/Show_all_Packages_with_empty_config - 2] Scanned /testdata/locks-insecure/osv-scanner-with-unscannables.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. --- @@ -2930,7 +2733,6 @@ Filtered 1 local/unscannable package/s from the scan. [TestCommand_FlagDeprecatedPackages/package_deprecated_false_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock file and found 5 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2967,7 +2769,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_npm_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -3004,14 +2805,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3072,14 +2871,12 @@ Total 1 package deprecated. [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -3110,7 +2907,6 @@ Total 1 package deprecated. [TestCommand_GithubActions/scanning_osv-scanner_custom_format - 1] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3297,7 +3093,7 @@ Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Mediu ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3314,15 +3110,13 @@ Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Mediu [TestCommand_GithubActions/scanning_osv-scanner_custom_format_output_json - 2] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_GithubActions/scanning_osv-scanner_custom_format_with_git_tag - 1] Scanned /testdata/locks-insecure/osv-scanner-custom-git-tag.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 45 known vulnerabilities (5 Critical, 17 High, 23 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ @@ -3330,40 +3124,45 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ | https://osv.dev/CVE-2016-2177 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2016-2182 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2021-3449 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-2274 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3358 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2022-3602 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2022-3786 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3996 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4203 | 4.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4304 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4450 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0215 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | -| https://osv.dev/CVE-2023-0216 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0217 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0286 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | -| https://osv.dev/CVE-2023-0401 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0464 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0465 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0466 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-1255 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2650 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2975 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2023-3446 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-3817 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-4807 | 7.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5363 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5678 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6129 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6237 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-0727 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-13176 | 4.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-2511 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4603 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4741 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-5535 | 9.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-6119 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-9143 | 4.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-15467 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-68160 | 4.7 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | @@ -3383,7 +3182,6 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me [TestCommand_HtmlFile - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3397,7 +3195,6 @@ HTML output available at: /report.html Warning: --output has been deprecated in favor of --output-file Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3407,16 +3204,14 @@ HTML output available at: /report.html Scanning dir ./testdata/artifact/javareach_test.jar Java reachability enricher marked 14 packages as unreachable Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar -Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -55 vulnerabilities can be fixed. +Total 4 packages affected by 53 known vulnerabilities (18 Critical, 29 High, 5 Medium, 1 Low, 0 Unknown) from 1 ecosystem. +53 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ -| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar | @@ -3470,7 +3265,6 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | Uncalled vulnerabilities | | | | | | | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ @@ -3491,10 +3285,9 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 M [TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis_and_disabled_enricher - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 60 known vulnerabilities (18 Critical, 32 High, 8 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +59 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3555,7 +3348,6 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-3gh6-v5v9-6v9j | 3.5 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-gwcr-j4wh-j3cq | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.41 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j26w-f9rq-mr2q | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.54 | testdata/artifact/javareach_test.jar | @@ -3571,16 +3363,14 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M [TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 59 known vulnerabilities (18 Critical, 31 High, 8 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +58 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | https://osv.dev/GHSA-c28r-hw5m-5gv3 | 7.9 | Maven | com.amazonaws:aws-java-sdk-s3 | 1.11.327 | 1.12.261 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar | @@ -3635,7 +3425,6 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-3gh6-v5v9-6v9j | 3.5 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-gwcr-j4wh-j3cq | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.41 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j26w-f9rq-mr2q | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.54 | testdata/artifact/javareach_test.jar | @@ -3678,14 +3467,12 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M [TestCommand_Licenses/Licenses_in_summary_mode_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Licenses_with_expressions - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR MIT OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH Bison-exception-2.2 @@ -3716,7 +3503,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Licenses_with_invalid_expression_in_config - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause)) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH (Bison-exception-2.2 AND somethingelse) @@ -3838,14 +3624,12 @@ license MIT WITH (Bison-exception-2.2 AND somethingelse) for package npm/ms/2.1. [TestCommand_Licenses/No_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/No_vulnerabilities_but_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many/yarn.lock Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3873,7 +3657,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -3899,7 +3682,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -3996,7 +3778,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Show_all_Packages_with_license_summary_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4010,7 +3791,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) Package npm/ansi-html/0.0.8 has been filtered out because: (no reason given) @@ -4032,13 +3812,12 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, +---------+-------------------------+ | 0BSD | 2 | | MIT | 1 | -| UNKNOWN | 2 | +| UNKNOWN | 1 | +---------+-------------------------+ +-------------------+-----------+------------------+---------+-------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------+---------+-------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | 0BSD | Packagist | sentry/sdk | 2.0.4 | testdata/locks-many/composer.lock | +-------------------+-----------+------------------+---------+-------------------------------------------------+ @@ -4133,7 +3912,6 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, [TestCommand_Licenses/Some_packages_with_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4191,14 +3969,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_Licenses/Some_packages_with_license_violations_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Vulnerabilities_and_all_license_violations_allowlisted - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4223,7 +3999,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_summary - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4248,7 +4023,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5176,7 +4950,6 @@ could not load db for PyPI ecosystem: unable to fetch OSV database: no offline v [TestCommand_LockfileWithExplicitParseAs/"apk-installed"_is_supported - 1] Scanned /testdata/locks-many/installed file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5188,7 +4961,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/"dpkg-status"_is_supported - 1] Scanned /testdata/locks-many/status file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5200,7 +4972,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/absolute_paths_are_automatically_escaped_on_windows - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5222,7 +4993,6 @@ extraction failed on specified lockfile [TestCommand_LockfileWithExplicitParseAs/absolute_paths_work_with_explicit_escaping - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5234,7 +5004,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/empty_is_default - 1] Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5280,7 +5049,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5306,7 +5074,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5327,7 +5094,6 @@ Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medi [TestCommand_LockfileWithExplicitParseAs/one_lockfile_with_local_path - 1] Scanned /testdata/locks-many/replace-local.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. No issues found @@ -5362,7 +5128,6 @@ Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 2 vulnerabilities can be fixed. @@ -5381,7 +5146,6 @@ Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medi --- [TestCommand_MoreLockfiles/Package.resolved_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5391,7 +5155,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s --- [TestCommand_MoreLockfiles/Podfile.lock_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5402,7 +5165,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s [TestCommand_MoreLockfiles/cabal.project.freeze - 1] Scanned /testdata/locks-scalibr/cabal.project.freeze file and found 6 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5421,7 +5183,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/depsjson - 1] Scanned /testdata/locks-scalibr/depsjson file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5440,10 +5201,9 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/gems.locked - 1] Scanned /testdata/locks-scalibr/gems.locked file and found 26 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medium, 0 Low, 3 Unknown) from 1 ecosystem. -6 vulnerabilities can be fixed. +Total 2 packages affected by 5 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 3 Unknown) from 1 ecosystem. +5 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5453,7 +5213,6 @@ Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medi | https://osv.dev/GHSA-5w6v-399v-w3cc | | RubyGems | nokogiri | 1.18.2 | 1.18.8 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-mrxw-mxhj-p664 | 7.8 | RubyGems | nokogiri | 1.18.2 | 1.18.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-vvfq-8hwr-qm4m | | RubyGems | nokogiri | 1.18.2 | 1.18.3 | testdata/locks-scalibr/gems.locked | -| https://osv.dev/GHSA-wx95-c6cv-8532 | 5.3 | RubyGems | nokogiri | 1.18.2 | 1.19.1 | testdata/locks-scalibr/gems.locked | +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ --- @@ -5464,7 +5223,6 @@ Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medi [TestCommand_MoreLockfiles/packages.config - 1] Scanned /testdata/locks-scalibr/packages.config file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5475,7 +5233,6 @@ No issues found [TestCommand_MoreLockfiles/packages.lock.json - 1] Scanned /testdata/locks-scalibr/packages.lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5486,7 +5243,6 @@ No issues found [TestCommand_MoreLockfiles/stack.yaml.lock - 1] Scanned /testdata/locks-scalibr/stack.yaml.lock file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5497,7 +5253,6 @@ No issues found [TestCommand_MoreLockfiles/uv.lock - 1] Scanned /testdata/locks-scalibr/uv.lock file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 2 vulnerabilities can be fixed. @@ -5536,7 +5291,6 @@ No package sources found, --help for usage information. [TestCommand_Transitive/pom.xml_multiple_registries - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5571,7 +5325,6 @@ No issues found [TestCommand_Transitive/pom.xml_non_utf8_encoding - 1] Scanned /testdata/maven-transitive/encoding.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5603,7 +5356,6 @@ No issues found [TestCommand_Transitive/pom.xml_transitive_default - 1] Scanning dir ./testdata/maven-transitive/pom.xml Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5626,7 +5378,6 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - 1] Scanned /testdata/maven-transitive/abc.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5717,7 +5468,6 @@ Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/ Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j/2.14.1/log4j-2.14.1.pom Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/logging-parent/3/logging-parent-3.pom Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5741,7 +5491,6 @@ Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medi [TestCommand_Transitive/requirements.txt_enricher_requires_extractor - 1] Scanning dir ./testdata/locks-requirements/requirements-transitive.txt -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5819,7 +5568,6 @@ Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Med [TestCommand_Transitive/requirements.txt_resolution_fallback - 1] Scanning dir ./testdata/locks-requirements/unresolvable-requirements.txt Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 9 vulnerabilities can be fixed. @@ -5849,7 +5597,6 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi [TestCommand_Transitive/requirements.txt_transitive_default - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 22 vulnerabilities can be fixed. @@ -5896,7 +5643,6 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me [TestCommand_Transitive/requirements.txt_transitive_native_source - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 22 vulnerabilities can be fixed. @@ -5944,7 +5690,6 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me [TestCommand_WithDetector_OffLinux/ssh_version_errors - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5957,7 +5702,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5970,7 +5714,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5984,7 +5727,6 @@ No issues found Scanning dir /composer.lock Command "ssh -V": exit status 1 Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5997,7 +5739,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6010,7 +5751,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index 38277638bde..69201e91d54 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -53,106 +53,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 1024 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/.gitignored_files - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 37 - body: | - { - "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} - ] - } - headers: - Content-Length: - - "37" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -402,7 +302,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2349 body: | { "results": [ @@ -446,23 +346,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -470,7 +370,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -478,7 +378,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -490,47 +390,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -538,7 +438,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -546,27 +446,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -574,7 +462,7 @@ interactions: } headers: Content-Length: - - "2545" + - "2349" Content-Type: - application/json status: 200 OK @@ -646,7 +534,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5077 + content_length: 4685 body: | { "results": [ @@ -690,23 +578,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -714,7 +602,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -722,7 +610,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -734,47 +622,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -782,7 +670,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -790,27 +678,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -854,23 +730,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -878,7 +754,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -886,7 +762,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -898,47 +774,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -946,7 +822,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -954,27 +830,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -982,7 +846,7 @@ interactions: } headers: Content-Length: - - "5077" + - "4685" Content-Type: - application/json status: 200 OK @@ -1047,7 +911,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2349 body: | { "results": [ @@ -1091,23 +955,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -1115,7 +979,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -1123,7 +987,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -1135,47 +999,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -1183,7 +1047,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -1191,27 +1055,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -1219,7 +1071,7 @@ interactions: } headers: Content-Length: - - "2545" + - "2349" Content-Type: - application/json status: 200 OK @@ -1375,7 +1227,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -1392,7 +1244,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -1403,19 +1255,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -1423,7 +1267,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -1799,7 +1643,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1281 + content_length: 1128 body: | { "results": [ @@ -1807,7 +1651,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -1818,11 +1662,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -1841,25 +1685,14 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, {}, {}, {}, - { - "vulns": [ - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" - } - ] - }, + {}, { "vulns": [ { @@ -1909,7 +1742,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -1919,7 +1752,7 @@ interactions: } headers: Content-Length: - - "1281" + - "1128" Content-Type: - application/json status: 200 OK @@ -2496,7 +2329,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -2579,7 +2412,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -4257,7 +4090,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22183 + content_length: 21592 body: | { "results": [ @@ -4265,15 +4098,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -4290,7 +4115,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -4301,19 +4126,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -4338,7 +4155,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -4358,11 +4175,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -4376,7 +4193,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -4385,11 +4202,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -4397,7 +4214,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -4407,7 +4224,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -4418,23 +4235,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -4451,15 +4264,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -4497,7 +4310,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -4513,19 +4326,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -4533,7 +4346,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -4545,7 +4358,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -4570,11 +4383,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -4616,7 +4429,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -4624,7 +4437,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -4632,7 +4445,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -4698,27 +4511,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -4730,7 +4543,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -4838,139 +4651,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -4978,19 +4791,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -5073,31 +4886,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -5125,15 +4938,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -5145,7 +4958,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -5153,15 +4966,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -5169,39 +4982,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -5209,51 +5022,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -5261,143 +5074,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -5405,7 +5210,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -5414,7 +5219,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -5470,11 +5275,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -5482,31 +5287,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -5518,35 +5323,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -5569,7 +5374,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -5585,15 +5390,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -5601,47 +5406,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -5649,7 +5454,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -5661,7 +5466,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -5669,39 +5474,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -5709,7 +5510,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -5717,15 +5518,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -5744,7 +5545,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -5755,19 +5556,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -5775,7 +5568,7 @@ interactions: } headers: Content-Length: - - "22183" + - "21592" Content-Type: - application/json status: 200 OK @@ -5868,7 +5661,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1549 + content_length: 1353 body: | { "results": [ @@ -5884,47 +5677,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -5932,7 +5725,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -5940,23 +5733,11 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" + "modified": "2026-02-04T02:59:19.152891Z" } ] }, @@ -5972,7 +5753,7 @@ interactions: }, { "id": "GO-2026-4433", - "modified": "2026-03-02T10:44:08.411132Z" + "modified": "2026-02-10T12:58:52.032392Z" } ] } @@ -5980,7 +5761,7 @@ interactions: } headers: Content-Length: - - "1549" + - "1353" Content-Type: - application/json status: 200 OK @@ -6639,7 +6420,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6656,7 +6437,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6667,19 +6448,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6687,7 +6460,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -6813,7 +6586,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6830,7 +6603,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6841,19 +6614,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6861,7 +6626,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -7187,7 +6952,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -7204,7 +6969,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -7215,19 +6980,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -7235,7 +6992,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -7361,7 +7118,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -7378,7 +7135,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -7389,19 +7146,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -7409,7 +7158,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -7630,16 +7379,12 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4809 + content_length: 4450 body: | { "results": [ { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7650,14 +7395,7 @@ interactions: } ] }, - { - "vulns": [ - { - "id": "GHSA-3936-cmfr-pm3m", - "modified": "2026-03-14T01:46:41.190718Z" - } - ] - }, + {}, { "vulns": [ { @@ -7696,10 +7434,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7861,10 +7595,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7898,10 +7628,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7960,7 +7686,7 @@ interactions: } headers: Content-Length: - - "4809" + - "4450" Content-Type: - application/json status: 200 OK @@ -8033,7 +7759,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml index aa995f4b635..bc688bbb622 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml @@ -56,7 +56,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 3821 + content_length: 3627 body: | { "results": [ @@ -88,43 +88,31 @@ interactions: "vulns": [ { "id": "CVE-2023-44398", - "modified": "2026-03-14T12:15:05.895469Z" + "modified": "2026-02-04T03:41:11.470088Z" }, { "id": "CVE-2024-24826", - "modified": "2026-03-14T12:31:29.719981Z" + "modified": "2026-02-04T02:26:53.684677Z" }, { "id": "CVE-2024-25112", - "modified": "2026-03-14T12:27:30.328627Z" + "modified": "2026-02-04T02:37:14.709755Z" }, { "id": "CVE-2024-39695", - "modified": "2026-03-14T12:34:50.263863Z" + "modified": "2026-02-04T03:14:25.349363Z" }, { "id": "CVE-2025-26623", - "modified": "2026-03-08T15:58:57.067224Z" + "modified": "2026-02-04T03:56:03.433125Z" }, { "id": "CVE-2025-54080", - "modified": "2026-03-08T15:58:53.801236Z" + "modified": "2025-12-05T10:19:44.470703Z" }, { "id": "CVE-2025-55304", - "modified": "2026-03-08T15:59:02.674652Z" - }, - { - "id": "CVE-2026-25884", - "modified": "2026-03-08T15:58:58.717366Z" - }, - { - "id": "CVE-2026-27596", - "modified": "2026-03-03T02:56:32.656501Z" - }, - { - "id": "CVE-2026-27631", - "modified": "2026-03-08T16:18:26.088498Z" + "modified": "2025-12-05T10:20:18.929451Z" }, { "id": "OSV-2023-1161", @@ -132,7 +120,7 @@ interactions: }, { "id": "OSV-2024-340", - "modified": "2026-03-15T14:25:46.861264Z" + "modified": "2026-02-10T14:19:49.199805Z" }, { "id": "PYSEC-2023-233", @@ -144,31 +132,27 @@ interactions: "vulns": [ { "id": "CVE-2021-22569", - "modified": "2026-03-15T14:08:15.471655Z" - }, - { - "id": "CVE-2022-1941", - "modified": "2026-03-15T14:46:49.579973Z" + "modified": "2026-02-05T06:11:26.110922Z" }, { "id": "CVE-2022-3171", - "modified": "2026-03-14T15:01:36.349851Z" + "modified": "2026-02-06T04:36:05.194043Z" }, { "id": "CVE-2022-3509", - "modified": "2026-03-14T11:46:42.854777Z" + "modified": "2026-02-10T04:36:28.552049Z" }, { "id": "CVE-2022-3510", - "modified": "2026-03-14T11:46:31.172987Z" + "modified": "2026-02-10T04:36:33.474216Z" }, { "id": "CVE-2024-2410", - "modified": "2026-03-14T12:30:27.419430Z" + "modified": "2025-11-23T18:15:05.493990Z" }, { "id": "CVE-2024-7254", - "modified": "2026-03-12T17:24:46.870042Z" + "modified": "2026-02-11T01:13:18.446737Z" } ] }, @@ -184,11 +168,11 @@ interactions: "vulns": [ { "id": "CVE-2024-51757", - "modified": "2026-03-14T12:38:40.503950Z" + "modified": "2025-12-05T07:18:50.040081Z" }, { "id": "CVE-2025-61927", - "modified": "2026-03-14T12:44:19.001278Z" + "modified": "2025-12-05T10:21:07.408729Z" }, { "id": "CVE-2025-62410", @@ -200,91 +184,95 @@ interactions: "vulns": [ { "id": "CVE-2024-12797", - "modified": "2026-03-15T14:13:01.994465Z" + "modified": "2026-02-04T02:22:27.281434Z" }, { "id": "CVE-2024-13176", - "modified": "2026-03-15T14:51:45.713332Z" + "modified": "2026-02-10T04:39:15.938128Z" }, { "id": "CVE-2024-9143", - "modified": "2026-03-15T14:52:43.827010Z" + "modified": "2026-02-09T05:19:22.729717Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9231", - "modified": "2026-03-15T14:54:14.243650Z" + "modified": "2026-02-04T03:53:37.207871Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" } ] }, { "vulns": [ + { + "id": "CVE-2016-2183", + "modified": "2026-02-06T22:14:42.576939Z" + }, { "id": "CVE-2025-11187", - "modified": "2026-03-13T22:14:04.753650Z" + "modified": "2026-02-11T02:51:53.937348Z" }, { "id": "CVE-2025-15467", - "modified": "2026-03-15T14:53:03.311608Z" + "modified": "2026-02-11T02:52:15.745075Z" }, { "id": "CVE-2025-15468", - "modified": "2026-03-15T14:53:05.662612Z" + "modified": "2026-02-11T02:52:08.129090Z" }, { "id": "CVE-2025-15469", - "modified": "2026-03-15T14:52:52.732682Z" + "modified": "2026-02-11T02:52:12.448139Z" }, { "id": "CVE-2025-66199", - "modified": "2026-03-15T14:15:22.516013Z" + "modified": "2026-02-11T02:56:47.234597Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-15T14:54:12.653472Z" + "modified": "2026-02-11T01:38:55.882307Z" }, { "id": "CVE-2025-69418", - "modified": "2026-03-14T12:45:25.725090Z" + "modified": "2026-02-11T01:49:18.912304Z" }, { "id": "CVE-2025-69419", - "modified": "2026-03-15T14:54:15.145493Z" + "modified": "2026-02-11T01:49:18.331310Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-15T14:54:02.448397Z" + "modified": "2026-02-11T01:50:20.280417Z" + }, + { + "id": "CVE-2025-69421", + "modified": "2026-02-11T01:50:20.995301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9231", - "modified": "2026-03-15T14:54:14.243650Z" + "modified": "2026-02-04T03:53:37.207871Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-15T14:55:17.107605Z" + "modified": "2026-02-04T21:35:16.876104Z" }, { "id": "CVE-2026-22796", - "modified": "2026-03-14T15:07:15.748012Z" - }, - { - "id": "CVE-2026-2673", - "modified": "2026-03-15T14:54:45.482332Z" + "modified": "2026-02-04T21:35:18.187133Z" } ] }, @@ -292,11 +280,11 @@ interactions: "vulns": [ { "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" + "modified": "2026-02-04T19:13:47.392964Z" }, { "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" + "modified": "2026-02-04T09:41:59.254101Z" }, { "id": "CVE-2025-24898", @@ -304,7 +292,7 @@ interactions: }, { "id": "CVE-2025-3416", - "modified": "2026-03-14T15:04:13.605678Z" + "modified": "2026-02-04T04:35:26.013846Z" } ] }, @@ -312,23 +300,23 @@ interactions: "vulns": [ { "id": "CVE-2016-10931", - "modified": "2026-03-14T09:18:29.278606Z" + "modified": "2025-11-20T10:24:03.340401Z" }, { "id": "CVE-2018-20997", - "modified": "2026-03-14T09:29:08.646634Z" + "modified": "2025-11-20T10:49:27.770050Z" }, { "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" + "modified": "2026-02-04T19:13:47.392964Z" }, { "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" + "modified": "2026-02-04T09:41:59.254101Z" }, { "id": "CVE-2025-3416", - "modified": "2026-03-14T15:04:13.605678Z" + "modified": "2026-02-04T04:35:26.013846Z" } ] } @@ -336,7 +324,7 @@ interactions: } headers: Content-Length: - - "3821" + - "3627" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml index 6f4b8b12893..d236f43399d 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -138,7 +138,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -149,19 +149,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -169,7 +161,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -1408,7 +1400,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22183 + content_length: 21592 body: | { "results": [ @@ -1416,15 +1408,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -1441,7 +1425,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -1452,19 +1436,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -1489,7 +1465,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -1509,11 +1485,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -1527,7 +1503,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -1536,11 +1512,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -1548,7 +1524,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -1558,7 +1534,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -1569,23 +1545,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -1602,15 +1574,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -1648,7 +1620,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -1664,19 +1636,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -1684,7 +1656,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -1696,7 +1668,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -1721,11 +1693,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -1767,7 +1739,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -1775,7 +1747,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -1783,7 +1755,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -1849,27 +1821,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -1881,7 +1853,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -1989,139 +1961,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -2129,19 +2101,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -2224,31 +2196,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -2276,15 +2248,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -2296,7 +2268,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -2304,15 +2276,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -2320,39 +2292,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -2360,51 +2332,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -2412,143 +2384,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -2556,7 +2520,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -2565,7 +2529,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -2621,11 +2585,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -2633,31 +2597,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -2669,35 +2633,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -2720,7 +2684,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -2736,15 +2700,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -2752,47 +2716,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -2800,7 +2764,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -2812,7 +2776,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -2820,39 +2784,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -2860,7 +2820,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -2868,15 +2828,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -2895,7 +2855,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2906,19 +2866,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -2926,7 +2878,7 @@ interactions: } headers: Content-Length: - - "22183" + - "21592" Content-Type: - application/json status: 200 OK @@ -3997,7 +3949,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 21427 + content_length: 21124 body: | { "results": [ @@ -4014,7 +3966,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -4025,19 +3977,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -4046,7 +3990,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -4066,11 +4010,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -4084,7 +4028,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -4093,11 +4037,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -4105,7 +4049,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -4115,7 +4059,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -4126,23 +4070,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -4159,15 +4099,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -4205,7 +4145,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -4221,19 +4161,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -4241,7 +4181,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -4253,7 +4193,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -4278,11 +4218,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -4324,7 +4264,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -4332,7 +4272,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -4340,7 +4280,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -4406,27 +4346,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -4438,7 +4378,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -4546,139 +4486,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -4686,19 +4626,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -4781,31 +4721,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -4833,15 +4773,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -4853,7 +4793,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -4861,15 +4801,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -4877,39 +4817,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -4917,51 +4857,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -4969,143 +4909,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -5113,7 +5045,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -5122,7 +5054,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -5178,11 +5110,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -5190,31 +5122,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -5226,35 +5158,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -5277,7 +5209,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -5293,15 +5225,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -5309,47 +5241,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -5357,7 +5289,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -5369,7 +5301,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -5377,39 +5309,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -5417,7 +5345,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -5425,15 +5353,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -5443,7 +5371,7 @@ interactions: } headers: Content-Length: - - "21427" + - "21124" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml index 05edf39f6bf..8e5e718b1e7 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml @@ -41,11 +41,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -100,11 +100,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -148,7 +148,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2593 + content_length: 2914 body: | { "results": [ @@ -156,163 +156,183 @@ interactions: "vulns": [ { "id": "CVE-2016-2177", - "modified": "2026-03-15T14:17:21.434685Z" + "modified": "2026-02-04T17:07:20.830265Z" }, { "id": "CVE-2016-2182", - "modified": "2026-03-15T13:53:28.133239Z" + "modified": "2026-02-11T00:23:46.507687Z" + }, + { + "id": "CVE-2021-3449", + "modified": "2026-02-11T01:28:51.287057Z" }, { "id": "CVE-2022-2274", - "modified": "2026-03-14T00:45:56.901948Z" + "modified": "2026-02-04T08:39:06.636392Z" }, { "id": "CVE-2022-3358", - "modified": "2026-03-15T14:47:31.604761Z" + "modified": "2026-02-04T02:48:23.725190Z" + }, + { + "id": "CVE-2022-3602", + "modified": "2026-02-09T05:16:32.600597Z" + }, + { + "id": "CVE-2022-3786", + "modified": "2026-02-09T05:16:35.075756Z" }, { "id": "CVE-2022-3996", - "modified": "2026-03-14T11:52:58.776255Z" + "modified": "2026-02-10T04:36:10.071493Z" }, { "id": "CVE-2022-4203", - "modified": "2026-03-14T11:56:48.298901Z" + "modified": "2026-02-05T10:28:51.668112Z" }, { "id": "CVE-2022-4304", - "modified": "2026-03-14T11:57:20.473258Z" + "modified": "2026-02-05T10:28:49.470536Z" }, { "id": "CVE-2022-4450", - "modified": "2026-03-15T14:48:08.469047Z" + "modified": "2026-02-05T10:28:50.484996Z" }, { "id": "CVE-2023-0215", - "modified": "2026-03-15T14:49:23.597965Z" - }, - { - "id": "CVE-2023-0216", - "modified": "2026-03-14T14:54:02.977746Z" + "modified": "2026-02-05T10:28:51.134913Z" }, { "id": "CVE-2023-0217", - "modified": "2026-03-14T15:00:51.319767Z" + "modified": "2026-02-05T10:28:50.543834Z" }, { "id": "CVE-2023-0286", - "modified": "2026-03-14T11:56:55.751641Z" - }, - { - "id": "CVE-2023-0401", - "modified": "2026-03-14T12:00:52.936954Z" + "modified": "2026-02-09T05:16:33.253789Z" }, { "id": "CVE-2023-0464", - "modified": "2026-03-15T14:49:30.035544Z" + "modified": "2026-02-09T22:18:10.293356Z" }, { "id": "CVE-2023-0465", - "modified": "2026-03-15T14:49:30.574986Z" + "modified": "2026-02-09T22:18:17.592831Z" }, { "id": "CVE-2023-0466", - "modified": "2026-03-15T14:11:19.362636Z" + "modified": "2026-02-09T22:18:11.967923Z" }, { "id": "CVE-2023-1255", - "modified": "2026-03-14T12:01:08.330785Z" + "modified": "2026-02-09T22:18:18.267878Z" }, { "id": "CVE-2023-2650", - "modified": "2026-03-15T14:49:52.213092Z" + "modified": "2026-02-09T22:18:26.080181Z" }, { "id": "CVE-2023-2975", - "modified": "2026-03-15T14:49:55.221034Z" + "modified": "2026-02-10T04:37:18.998512Z" + }, + { + "id": "CVE-2023-3446", + "modified": "2026-02-09T22:19:12.057679Z" }, { "id": "CVE-2023-3817", - "modified": "2026-03-15T13:45:23.042540Z" + "modified": "2026-02-09T22:19:25.885150Z" }, { "id": "CVE-2023-4807", - "modified": "2026-03-14T12:23:37.361743Z" + "modified": "2026-02-09T22:19:43.155188Z" }, { "id": "CVE-2023-5363", - "modified": "2026-03-15T14:48:38.264647Z" + "modified": "2026-02-09T22:20:03.990636Z" }, { "id": "CVE-2023-5678", - "modified": "2026-03-15T14:48:52.838608Z" + "modified": "2026-02-09T22:20:08.013474Z" }, { "id": "CVE-2023-6129", - "modified": "2026-03-15T14:48:42.862404Z" + "modified": "2026-02-09T22:20:10.369349Z" }, { "id": "CVE-2023-6237", - "modified": "2026-03-15T14:49:12.869757Z" + "modified": "2026-02-04T16:58:48.362437Z" + }, + { + "id": "CVE-2024-0727", + "modified": "2026-02-11T01:56:44.818513Z" }, { "id": "CVE-2024-13176", - "modified": "2026-03-15T14:51:45.713332Z" + "modified": "2026-02-10T04:39:15.938128Z" }, { "id": "CVE-2024-2511", - "modified": "2026-03-15T14:51:57.642942Z" + "modified": "2026-02-04T13:58:53.696486Z" }, { "id": "CVE-2024-4603", - "modified": "2026-03-15T13:45:23.443979Z" + "modified": "2026-02-05T21:45:27.541955Z" }, { "id": "CVE-2024-4741", - "modified": "2026-03-15T14:52:19.943734Z" + "modified": "2026-02-06T05:13:28.501835Z" }, { "id": "CVE-2024-5535", - "modified": "2026-03-15T14:13:49.948991Z" + "modified": "2026-02-05T09:13:53.570915Z" + }, + { + "id": "CVE-2024-6119", + "modified": "2026-02-09T05:19:55.844811Z" }, { "id": "CVE-2024-9143", - "modified": "2026-03-15T14:52:43.827010Z" + "modified": "2026-02-09T05:19:22.729717Z" }, { "id": "CVE-2025-15467", - "modified": "2026-03-15T14:53:03.311608Z" + "modified": "2026-02-11T02:52:15.745075Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-15T14:54:12.653472Z" + "modified": "2026-02-11T01:38:55.882307Z" }, { "id": "CVE-2025-69418", - "modified": "2026-03-14T12:45:25.725090Z" + "modified": "2026-02-11T01:49:18.912304Z" }, { "id": "CVE-2025-69419", - "modified": "2026-03-15T14:54:15.145493Z" + "modified": "2026-02-11T01:49:18.331310Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-15T14:54:02.448397Z" + "modified": "2026-02-11T01:50:20.280417Z" + }, + { + "id": "CVE-2025-69421", + "modified": "2026-02-11T01:50:20.995301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-15T14:55:17.107605Z" + "modified": "2026-02-04T21:35:16.876104Z" }, { "id": "CVE-2026-22796", - "modified": "2026-03-14T15:07:15.748012Z" + "modified": "2026-02-04T21:35:18.187133Z" } ] } @@ -320,7 +340,7 @@ interactions: } headers: Content-Length: - - "2593" + - "2914" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml index 8137a140483..92a91d5c979 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml @@ -170,7 +170,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4278 body: | { "results": [ @@ -189,10 +189,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" - }, { "id": "GHSA-h46c-h94j-95f3", "modified": "2026-02-04T03:44:39.385253Z" @@ -375,7 +371,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -421,7 +417,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -430,10 +426,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -446,7 +438,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -467,7 +459,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4278" Content-Type: - application/json status: 200 OK @@ -642,7 +634,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4348 body: | { "results": [ @@ -847,7 +839,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -893,7 +885,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -902,10 +894,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -918,7 +906,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -939,7 +927,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4348" Content-Type: - application/json status: 200 OK @@ -1107,14 +1095,14 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis + - TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis_disabled url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4348 body: | { "results": [ @@ -1319,7 +1307,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -1365,7 +1353,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -1374,10 +1362,470 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-3gh6-v5v9-6v9j", + "modified": "2026-02-04T03:12:16.534413Z" + }, + { + "id": "GHSA-gwcr-j4wh-j3cq", + "modified": "2026-02-04T04:36:55.164608Z" + }, + { + "id": "GHSA-j26w-f9rq-mr2q", + "modified": "2026-02-04T03:32:43.162423Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-264p-99wq-f4j6", + "modified": "2026-02-04T03:21:48.913313Z" + } + ] + } + ] + } + headers: + Content-Length: + - "4348" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3196 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-core" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-kms" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-s3" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:jmespath-java" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.example:hello-tester" + }, + "version": "1.0-SNAPSHOT" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-annotations" + }, + "version": "2.6.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-core" + }, + "version": "2.14.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-databind" + }, + "version": "2.6.7.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor" + }, + "version": "2.6.7" + }, + { + "package": { + "ecosystem": "Maven", + "name": "commons-codec:commons-codec" + }, + "version": "1.10" + }, + { + "package": { + "ecosystem": "Maven", + "name": "commons-logging:commons-logging" + }, + "version": "1.1.3" + }, + { + "package": { + "ecosystem": "Maven", + "name": "joda-time:joda-time" + }, + "version": "2.8.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.commons:commons-lang3" + }, + "version": "3.12.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.httpcomponents:httpclient" + }, + "version": "4.5.5" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.httpcomponents:httpcore" + }, + "version": "4.4.9" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-continuation" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-http" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-io" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-servlets" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-util" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "software.amazon.ion:ion-java" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 4278 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-c28r-hw5m-5gv3", + "modified": "2023-11-08T04:09:28.159861Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-h46c-h94j-95f3", + "modified": "2026-02-04T03:44:39.385253Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-288c-cq4h-88gq", + "modified": "2026-02-04T04:33:29.159339Z" + }, + { + "id": "GHSA-4gq5-ch57-c2mg", + "modified": "2024-03-15T05:20:21.411726Z" + }, + { + "id": "GHSA-4w82-r329-3q67", + "modified": "2024-03-16T05:18:54.922179Z" + }, + { + "id": "GHSA-57j2-w4cx-62h2", + "modified": "2026-02-04T04:26:14.546092Z" + }, + { + "id": "GHSA-5949-rw7g-wx7w", + "modified": "2025-09-15T07:42:14.888352Z" + }, + { + "id": "GHSA-5r5r-6hpj-8gg9", + "modified": "2024-02-18T05:42:28.539166Z" + }, + { + "id": "GHSA-5ww9-j83m-q7qx", + "modified": "2024-03-15T01:17:50.016820Z" + }, + { + "id": "GHSA-645p-88qh-w398", + "modified": "2024-03-16T05:19:17.936174Z" + }, + { + "id": "GHSA-6fpp-rgj9-8rwc", + "modified": "2024-03-15T05:18:54.134884Z" + }, + { + "id": "GHSA-85cw-hj65-qqv9", + "modified": "2024-03-15T05:20:15.574552Z" + }, + { + "id": "GHSA-89qr-369f-5m5x", + "modified": "2024-02-18T05:37:27.581808Z" + }, + { + "id": "GHSA-8c4j-34r4-xr8g", + "modified": "2024-02-18T05:31:52.762759Z" + }, + { + "id": "GHSA-8w26-6f25-cm9x", + "modified": "2024-02-18T05:30:48.085017Z" }, { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" + "id": "GHSA-9gph-22xh-8x98", + "modified": "2024-02-18T05:33:27.617261Z" + }, + { + "id": "GHSA-9m6f-7xcq-8vf8", + "modified": "2024-02-18T05:32:25.400029Z" + }, + { + "id": "GHSA-c8hm-7hpq-7jhg", + "modified": "2024-03-15T01:17:19.251183Z" + }, + { + "id": "GHSA-cf6r-3wgc-h863", + "modified": "2024-02-18T05:32:56.325249Z" + }, + { + "id": "GHSA-cggj-fvv3-cqwv", + "modified": "2024-03-15T01:18:46.938616Z" + }, + { + "id": "GHSA-cjjf-94ff-43w7", + "modified": "2024-03-11T05:19:23.395848Z" + }, + { + "id": "GHSA-cmfg-87vq-g5g4", + "modified": "2024-03-15T01:18:17.903231Z" + }, + { + "id": "GHSA-cvm9-fjm9-3572", + "modified": "2024-02-18T05:25:36.165759Z" + }, + { + "id": "GHSA-f3j5-rmmp-3fc5", + "modified": "2024-03-15T05:20:35.120151Z" + }, + { + "id": "GHSA-f9xh-2qgp-cq57", + "modified": "2024-02-18T05:32:05.421673Z" + }, + { + "id": "GHSA-fmmc-742q-jg75", + "modified": "2024-03-16T05:19:55.172981Z" + }, + { + "id": "GHSA-fqwf-pjwf-7vqv", + "modified": "2024-07-03T21:22:37.578162Z" + }, + { + "id": "GHSA-gjmw-vf9h-g25v", + "modified": "2024-03-16T05:19:37.211801Z" + }, + { + "id": "GHSA-gwp4-hfv6-p7hw", + "modified": "2024-03-13T05:27:58.436849Z" + }, + { + "id": "GHSA-gww7-p5w4-wrfv", + "modified": "2024-03-15T01:05:18.790961Z" + }, + { + "id": "GHSA-h3cw-g4mq-c5x2", + "modified": "2024-02-18T05:30:45.329621Z" + }, + { + "id": "GHSA-h592-38cm-4ggp", + "modified": "2024-03-15T01:16:50.905794Z" + }, + { + "id": "GHSA-h822-r4r5-v8jg", + "modified": "2026-02-04T02:19:17.186100Z" + }, + { + "id": "GHSA-jjjh-jjxp-wpff", + "modified": "2026-02-04T02:23:59.070528Z" + }, + { + "id": "GHSA-m6x4-97wx-4q27", + "modified": "2024-02-18T05:21:54.725837Z" + }, + { + "id": "GHSA-mph4-vhrx-mv67", + "modified": "2024-03-15T01:16:21.467932Z" + }, + { + "id": "GHSA-mx7p-6679-8g3q", + "modified": "2024-03-15T01:01:46.432481Z" + }, + { + "id": "GHSA-p43x-xfjf-5jhr", + "modified": "2024-03-15T00:33:14.700288Z" + }, + { + "id": "GHSA-q93h-jc49-78gg", + "modified": "2024-03-16T05:19:47.711015Z" + }, + { + "id": "GHSA-qjw2-hr98-qgfh", + "modified": "2024-02-18T05:20:56.894470Z" + }, + { + "id": "GHSA-qr7j-h6gg-jmgc", + "modified": "2024-03-11T05:21:14.313980Z" + }, + { + "id": "GHSA-r3gr-cxrf-hg25", + "modified": "2024-06-25T14:20:21.323050Z" + }, + { + "id": "GHSA-r695-7vr9-jgc2", + "modified": "2024-02-18T05:30:45.856594Z" + }, + { + "id": "GHSA-rfx6-vp9g-rh7v", + "modified": "2024-03-11T05:17:47.425595Z" + }, + { + "id": "GHSA-rgv9-q543-rqg4", + "modified": "2026-02-04T02:40:22.352009Z" + }, + { + "id": "GHSA-rpr3-cw39-3pxh", + "modified": "2026-02-04T04:07:52.719878Z" + }, + { + "id": "GHSA-v585-23hc-c647", + "modified": "2024-02-18T05:22:38.024460Z" + }, + { + "id": "GHSA-vfqx-33qm-g869", + "modified": "2024-02-18T05:24:26.785781Z" + }, + { + "id": "GHSA-w3f4-3q6j-rh82", + "modified": "2024-03-11T05:18:22.727055Z" + }, + { + "id": "GHSA-wh8g-3j2c-rqj5", + "modified": "2024-03-15T00:31:15.123603Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-j288-q9x7-2f5v", + "modified": "2026-02-04T03:18:02.851501Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-7r82-7xv7-xcpj", + "modified": "2026-02-04T02:20:49.137443Z" + } + ] + }, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cj7v-27pg-wf7q", + "modified": "2026-02-04T02:37:14.415320Z" + }, + { + "id": "GHSA-hmr7-m48g-48f6", + "modified": "2026-02-04T03:59:52.327364Z" + }, + { + "id": "GHSA-qh8g-58pp-2wxh", + "modified": "2026-02-04T05:13:21.910792Z" } ] }, @@ -1390,7 +1838,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -1411,7 +1859,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4278" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml index ac1b483d3fd..051fdf7e018 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml @@ -586,7 +586,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml index 67959ea1664..6934f81eddf 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml @@ -214,7 +214,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -432,7 +432,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -673,7 +673,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml index f516414b0fc..6ac6f8708bb 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml @@ -364,7 +364,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 526 + content_length: 456 body: | { "results": [ @@ -406,10 +406,6 @@ interactions: { "id": "GHSA-vvfq-8hwr-qm4m", "modified": "2026-02-04T03:58:31.466756Z" - }, - { - "id": "GHSA-wx95-c6cv-8532", - "modified": "2026-02-25T10:44:01.279701Z" } ] }, @@ -427,7 +423,7 @@ interactions: } headers: Content-Length: - - "526" + - "456" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index 0df654bb784..e63f4907e1a 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -5,7 +5,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 9305 + content_length: 172 host: api.osv.dev body: | { @@ -13,329 +13,768 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "com.android.support:animated-vector-drawable" - }, - "version": "24.0.0" - }, - { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:appcompat-v7" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "24.0.0" - }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/does_not_scan_transitive_dependencies_for_pom.xml_with_no-resolve + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 16 + body: | + { + "results": [ + {} + ] + } + headers: + Content-Length: + - "16" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.android.support:mediarouter-v7" + "ecosystem": "PyPI", + "name": "django" }, - "version": "24.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.android.support:palette-v7" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "24.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-annotations" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "24.0.0" - }, + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/does_not_scan_transitive_dependencies_for_requirements.txt_with_no-resolve + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1011 + body: | + { + "results": [ { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-v4" - }, - "version": "24.0.0" + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-vector-drawable" - }, - "version": "24.0.0" + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1011" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 997 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads" + "ecosystem": "PyPI", + "name": "click" }, - "version": "10.0.0" + "version": "8.3.1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads-lite" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics" + "ecosystem": "PyPI", + "name": "flask-cors" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics-impl" + "ecosystem": "PyPI", + "name": "itsdangerous" }, - "version": "10.0.0" + "version": "2.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-appinvite" + "ecosystem": "PyPI", + "name": "jinja2" }, - "version": "10.0.0" + "version": "3.1.6" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth" + "ecosystem": "PyPI", + "name": "markupsafe" }, - "version": "10.0.0" + "version": "3.0.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth-base" + "ecosystem": "PyPI", + "name": "pandas" }, - "version": "10.0.0" + "version": "0.23.4" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-awareness" + "ecosystem": "PyPI", + "name": "werkzeug" }, - "version": "10.0.0" - }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/fall_back_to_the_offline_extractor_if_resolution_failed + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 880 + body: | + { + "results": [ + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-base" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-basement" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast" + "ecosystem": "PyPI", + "name": "flask-cors" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast-framework" + "ecosystem": "PyPI", + "name": "pandas" }, - "version": "10.0.0" + "version": "0.23.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/fall_back_to_the_offline_extractor_if_resolution_failed + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 795 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] }, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + } + ] + } + headers: + Content-Length: + - "795" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 9305 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-clearcut" + "name": "com.android.support:animated-vector-drawable" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-drive" + "name": "com.android.support:appcompat-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-fitness" + "name": "com.android.support:mediarouter-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-games" + "name": "com.android.support:palette-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gass" + "name": "com.android.support:support-annotations" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gcm" + "name": "com.android.support:support-v4" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-identity" + "name": "com.android.support:support-vector-drawable" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-iid" + "name": "com.google.android.gms:play-services" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-instantapps" + "name": "com.google.android.gms:play-services-ads" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-location" + "name": "com.google.android.gms:play-services-ads-lite" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-maps" + "name": "com.google.android.gms:play-services-analytics" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-nearby" + "name": "com.google.android.gms:play-services-analytics-impl" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-panorama" + "name": "com.google.android.gms:play-services-appinvite" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-places" + "name": "com.google.android.gms:play-services-auth" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-plus" + "name": "com.google.android.gms:play-services-auth-base" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-safetynet" + "name": "com.google.android.gms:play-services-awareness" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager" + "name": "com.google.android.gms:play-services-base" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-api" + "name": "com.google.android.gms:play-services-basement" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + "name": "com.google.android.gms:play-services-cast" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tasks" + "name": "com.google.android.gms:play-services-cast-framework" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-vision" + "name": "com.google.android.gms:play-services-clearcut" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wallet" + "name": "com.google.android.gms:play-services-drive" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wearable" + "name": "com.google.android.gms:play-services-fitness" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics" + "name": "com.google.android.gms:play-services-games" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics-impl" + "name": "com.google.android.gms:play-services-gass" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-appindexing" + "name": "com.google.android.gms:play-services-gcm" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-auth" + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" }, "version": "10.0.0" }, @@ -539,58 +978,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 324 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" - }, - "version": "10.0.0" - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" - }, - "version": "2.14.1" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/pom.xml_multiple_registries - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 19 - body: | - { - "results": [ - {}, - {} - ] - } - headers: - Content-Length: - - "19" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -639,7 +1026,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 147 + content_length: 286 host: api.osv.dev body: | { @@ -650,6 +1037,13 @@ interactions: "name": "junit:junit" }, "version": "4.12" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.hamcrest:hamcrest-core" + }, + "version": "1.3" } ] } @@ -664,7 +1058,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 95 + content_length: 98 body: | { "results": [ @@ -672,15 +1066,16 @@ interactions: "vulns": [ { "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-03-13T22:15:22.410895Z" + "modified": "2026-02-04T02:50:44.928230Z" } ] - } + }, + {} ] } headers: Content-Length: - - "95" + - "98" Content-Type: - application/json status: 200 OK @@ -690,7 +1085,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 286 + content_length: 473 host: api.osv.dev body: | { @@ -698,16 +1093,23 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "junit:junit" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "4.12" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "org.hamcrest:hamcrest-core" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "1.3" + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" } ] } @@ -715,22 +1117,39 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_non_utf8_encoding + - TestCommand_Transitive/pom.xml_transitive_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 98 + content_length: 381 body: | { "results": [ + {}, { "vulns": [ { - "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-03-13T22:15:22.410895Z" + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" } ] }, @@ -739,7 +1158,7 @@ interactions: } headers: Content-Length: - - "98" + - "381" Content-Type: - application/json status: 200 OK @@ -781,7 +1200,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_default + - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile url: https://api.osv.dev/v1/querybatch method: POST response: @@ -832,7 +1251,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 172 + content_length: 9305 host: api.osv.dev body: | { @@ -840,33 +1259,2164 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "name": "com.android.support:animated-vector-drawable" }, - "version": "2.14.1" - } - ] - } + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-config" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-crash" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database-connection" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-messaging" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/pom.xml_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_no_resolve_no_transitive + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1081 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1081" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 997 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask-cors" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pandas" + }, + "version": "0.23.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_resolution_fallback + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 880 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.0.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1604 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 9305 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:animated-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-config" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-crash" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database-connection" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-messaging" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1598 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2025.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } headers: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_default + - TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source_for_Python_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16 + content_length: 2083 body: | { "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, {} ] } headers: Content-Length: - - "16" + - "2083" Content-Type: - application/json status: 200 OK @@ -876,31 +3426,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 473 + content_length: 505 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-api" + "ecosystem": "PyPI", + "name": "django" }, - "version": "2.14.1" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-core" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "2.14.1" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "2.14.1" + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "numpy" + }, + "version": "2.3.1" } ] } @@ -908,39 +3465,82 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile + - TestCommand_Transitive/scan_local_disk_transitive_dependencies url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 381 + content_length: 1014 body: | { "results": [ - {}, { "vulns": [ { - "id": "GHSA-7rjr-3q55-vv33", - "modified": "2025-10-22T19:37:53.742023Z" + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" }, { - "id": "GHSA-8489-44mv-ggj8", - "modified": "2025-05-09T13:12:38.923602Z" + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-jfh8-c2jp-5v3q", - "modified": "2025-10-22T19:37:02.616807Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "GHSA-p6xc-xr62-6r2g", - "modified": "2025-05-09T13:12:54.089856Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" }, { - "id": "GHSA-vc5p-v9hr-52mj", - "modified": "2026-02-04T03:10:00.616806Z" + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] }, @@ -949,7 +3549,7 @@ interactions: } headers: Content-Length: - - "381" + - "1014" Content-Type: - application/json status: 200 OK @@ -959,7 +3559,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 172 + content_length: 9305 host: api.osv.dev body: | { @@ -967,459 +3567,1201 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "name": "com.android.support:animated-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" }, - "version": "2.14.1" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 16 - body: | - { - "results": [ - {} - ] - } - headers: - Content-Length: - - "16" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 9305 - host: api.osv.dev - body: | - { - "queries": [ + "version": "10.0.0" + }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:animated-vector-drawable" + "name": "com.google.android.gms:play-services-places" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:appcompat-v7" + "name": "com.google.android.gms:play-services-plus" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:mediarouter-v7" + "name": "com.google.android.gms:play-services-safetynet" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:palette-v7" + "name": "com.google.android.gms:play-services-tagmanager" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-annotations" + "name": "com.google.android.gms:play-services-tagmanager-api" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-v4" + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-vector-drawable" + "name": "com.google.android.gms:play-services-tasks" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" + "name": "com.google.android.gms:play-services-vision" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads" + "name": "com.google.android.gms:play-services-wallet" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads-lite" + "name": "com.google.android.gms:play-services-wearable" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics" + "name": "com.google.firebase:firebase-analytics" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics-impl" + "name": "com.google.firebase:firebase-analytics-impl" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-appinvite" + "name": "com.google.firebase:firebase-appindexing" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth" + "name": "com.google.firebase:firebase-auth" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth-base" + "name": "com.google.firebase:firebase-common" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-awareness" + "name": "com.google.firebase:firebase-config" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-base" + "name": "com.google.firebase:firebase-crash" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-basement" + "name": "com.google.firebase:firebase-database" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast" + "name": "com.google.firebase:firebase-database-connection" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast-framework" + "name": "com.google.firebase:firebase-iid" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-clearcut" + "name": "com.google.firebase:firebase-messaging" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-drive" + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-fitness" + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_dependencies_from_multiple_registries + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 286 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "junit:junit" }, - "version": "10.0.0" + "version": "4.12" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-games" + "name": "org.hamcrest:hamcrest-core" }, - "version": "10.0.0" - }, + "version": "1.3" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_pom.xml_with_non_UTF-8_encoding + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 98 + body: | + { + "results": [ { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gass" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-269g-pwp5-87pp", + "modified": "2026-02-04T02:50:44.928230Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "98" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 473 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gcm" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-identity" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-iid" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "10.0.0" + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_by_specifying_pom.xml + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 381 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "381" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 473 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-instantapps" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-location" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-maps" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "10.0.0" + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_for_pom.xml_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 381 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "381" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 507 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-nearby" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-panorama" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-places" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "10.0.0" + "version": "2025.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-plus" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "10.0.0" + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1084 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-safetynet" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1084" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-api" + "ecosystem": "PyPI", + "name": "certifi" }, - "version": "10.0.0" + "version": "2026.2.25" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + "ecosystem": "PyPI", + "name": "chardet" }, - "version": "10.0.0" + "version": "3.0.4" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tasks" + "ecosystem": "PyPI", + "name": "click" }, - "version": "10.0.0" + "version": "8.3.1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-vision" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wallet" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wearable" + "ecosystem": "PyPI", + "name": "idna" }, - "version": "10.0.0" + "version": "2.7.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics" + "ecosystem": "PyPI", + "name": "itsdangerous" }, - "version": "10.0.0" + "version": "2.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics-impl" + "ecosystem": "PyPI", + "name": "jinja2" }, - "version": "10.0.0" + "version": "3.1.6" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-appindexing" + "ecosystem": "PyPI", + "name": "markupsafe" }, - "version": "10.0.0" + "version": "3.0.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-auth" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "10.0.0" + "version": "2026.1.0.post1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-common" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "10.0.0" + "version": "2.20.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-config" + "ecosystem": "PyPI", + "name": "urllib3" }, - "version": "10.0.0" + "version": "1.24.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-crash" + "ecosystem": "PyPI", + "name": "werkzeug" }, - "version": "10.0.0" - }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-database" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-database-connection" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-iid" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] }, + {}, + {}, + {}, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-messaging" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-storage" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 513 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-storage-common" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-api" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "2.14.1" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-core" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "2.14.1" + "version": "2026.1.0.post1" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "2.14.1" + "version": "2.20.0" } ] } @@ -1427,111 +4769,95 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_native_source + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 628 + content_length: 1084 body: | { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { "vulns": [ { - "id": "GHSA-cm6r-892j-jv2g", - "modified": "2023-11-08T04:08:28.014834Z" + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { "vulns": [ { - "id": "GHSA-7rjr-3q55-vv33", - "modified": "2025-10-22T19:37:53.742023Z" + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" }, { - "id": "GHSA-8489-44mv-ggj8", - "modified": "2025-05-09T13:12:38.923602Z" + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" }, { - "id": "GHSA-jfh8-c2jp-5v3q", - "modified": "2025-10-22T19:37:02.616807Z" + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-p6xc-xr62-6r2g", - "modified": "2025-05-09T13:12:54.089856Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "GHSA-vc5p-v9hr-52mj", - "modified": "2026-02-04T03:10:00.616806Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] - }, - {} + } ] } headers: Content-Length: - - "628" + - "1084" Content-Type: - application/json status: 200 OK @@ -1541,24 +4867,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 324 + content_length: 507 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "2.14.1" + "version": "2025.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" } ] } @@ -1566,24 +4906,95 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_native_source + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 19 + content_length: 1084 body: | { "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, {}, - {} + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } ] } headers: Content-Length: - - "19" + - "1084" Content-Type: - application/json status: 200 OK @@ -1593,11 +5004,32 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 386 + content_length: 1604 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, { "package": { "ecosystem": "PyPI", @@ -1610,7 +5042,42 @@ interactions: "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" }, { "package": { @@ -1618,6 +5085,20 @@ interactions: "name": "requests" }, "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" } ] } @@ -1625,17 +5106,20 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_no_resolve_no_transitive + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1081 + content_length: 2083 body: | { "results": [ + {}, + {}, + {}, { "vulns": [ { @@ -1659,60 +5143,129 @@ interactions: "modified": "2025-11-27T09:10:30.649595Z" }, { - "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" }, { - "id": "GHSA-rrqc-c2jx-6jgv", - "modified": "2024-10-30T19:23:59.139649Z" + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" }, { - "id": "PYSEC-2021-98", - "modified": "2023-12-06T01:01:16.755410Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" }, { - "id": "GHSA-m2qf-hxjv-5gpq", - "modified": "2025-02-21T05:42:17.337040Z" + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" }, { - "id": "PYSEC-2023-62", - "modified": "2023-11-08T04:12:28.231927Z" - } - ] - }, - { - "vulns": [ + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, { - "id": "GHSA-9hjg-9r4m-mvj7", - "modified": "2026-02-04T03:44:00.676479Z" + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" }, { - "id": "GHSA-9wx4-h78v-vm56", - "modified": "2026-02-04T02:43:42.271895Z" + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" }, { - "id": "GHSA-j8r2-6x86-q33q", - "modified": "2026-02-04T03:34:13.807518Z" + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" }, { - "id": "PYSEC-2023-74", - "modified": "2023-11-08T04:12:35.436175Z" + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" } ] - } + }, + {} ] } headers: Content-Length: - - "1081" + - "2083" Content-Type: - application/json status: 200 OK @@ -1722,11 +5275,25 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 997 + content_length: 1598 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, { "package": { "ecosystem": "PyPI", @@ -1734,19 +5301,26 @@ interactions: }, "version": "8.3.1" }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, { "package": { "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" }, { "package": { "ecosystem": "PyPI", - "name": "flask-cors" + "name": "idna" }, - "version": "1.0.0" + "version": "2.7" }, { "package": { @@ -1772,9 +5346,23 @@ interactions: { "package": { "ecosystem": "PyPI", - "name": "pandas" + "name": "pytz" }, - "version": "0.23.4" + "version": "2025.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" }, { "package": { @@ -1789,18 +5377,56 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_resolution_fallback + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 880 + content_length: 2083 body: | { "results": [ {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, { "vulns": [ { @@ -1820,47 +5446,88 @@ interactions: { "vulns": [ { - "id": "GHSA-43qf-4rqw-9q2g", - "modified": "2026-02-04T02:30:19.251090Z" - }, - { - "id": "GHSA-7rxf-gvfg-47g4", - "modified": "2026-02-04T04:27:15.173118Z" - }, - { - "id": "GHSA-84pr-m4jr-85g5", - "modified": "2026-02-04T02:57:32.875272Z" + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" }, { - "id": "GHSA-8vgw-p6qm-5gr7", - "modified": "2026-02-04T02:42:09.564281Z" - }, + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ { - "id": "GHSA-hxwh-jpp2-84pm", - "modified": "2026-02-04T02:15:39.891834Z" + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-xc3p-ff3m-f46v", - "modified": "2024-09-20T20:01:25.449661Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "PYSEC-2020-43", - "modified": "2025-10-09T07:22:50.566622Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" }, { - "id": "PYSEC-2024-71", - "modified": "2025-10-09T08:27:44.186589Z" + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] }, - {}, - {}, - {}, { "vulns": [ { - "id": "PYSEC-2020-73", - "modified": "2023-11-08T04:02:12.263851Z" + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" } ] }, @@ -1869,7 +5536,7 @@ interactions: } headers: Content-Length: - - "880" + - "2083" Content-Type: - application/json status: 200 OK @@ -1879,7 +5546,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 1610 + content_length: 1597 host: api.osv.dev body: | { @@ -1889,7 +5556,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" + "version": "2026.1.4" }, { "package": { @@ -1917,14 +5584,14 @@ interactions: "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" }, { "package": { "ecosystem": "PyPI", "name": "idna" }, - "version": "2.7.0" + "version": "2.7" }, { "package": { @@ -1952,7 +5619,7 @@ interactions: "ecosystem": "PyPI", "name": "pytz" }, - "version": "2026.1.0.post1" + "version": "2025.2" }, { "package": { @@ -1981,7 +5648,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_default + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: @@ -2035,7 +5702,7 @@ interactions: "vulns": [ { "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" + "modified": "2026-02-22T23:32:08.859488Z" }, { "id": "GHSA-m2qf-hxjv-5gpq", @@ -2150,7 +5817,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 1604 + content_length: 1597 host: api.osv.dev body: | { @@ -2160,7 +5827,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" + "version": "2026.1.4" }, { "package": { @@ -2223,7 +5890,7 @@ interactions: "ecosystem": "PyPI", "name": "pytz" }, - "version": "2026.1.post1" + "version": "2025.2" }, { "package": { @@ -2244,7 +5911,7 @@ interactions: "ecosystem": "PyPI", "name": "werkzeug" }, - "version": "3.1.6" + "version": "3.1.5" } ] } @@ -2252,14 +5919,14 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_native_source + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2083 + content_length: 2013 body: | { "results": [ @@ -2304,10 +5971,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -2411,7 +6074,7 @@ interactions: } headers: Content-Length: - - "2083" + - "2013" Content-Type: - application/json status: 200 OK diff --git a/docs/github-action.md b/docs/github-action.md index c59f8ca8060..e97b4f69307 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -54,7 +54,7 @@ permissions: jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.3" ``` ### View results @@ -97,7 +97,7 @@ permissions: jobs: scan-scheduled: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" ``` As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule). @@ -184,7 +184,7 @@ Examples ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: scan-args: |- --lockfile=./path/to/lockfile1 @@ -196,7 +196,7 @@ jobs: ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: scan-args: |- --recursive @@ -222,7 +222,7 @@ jobs: name: Vulnerability scanning # makes sure the extraction step is completed before running the scanner needs: extract-deps - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: # Download the artifact uploaded in extract-deps step download-artifact: converted-OSV-Scanner-deps @@ -272,7 +272,7 @@ jobs: {target_arch: armhf}, {target_arch: aarch64} ] - uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: download-artifact: "${{ matrix.platform.target_arch }}-OSV-Scanner-deps" matrix-property: "${{ matrix.platform.target_arch }}-" diff --git a/go.mod b/go.mod index f4a03b5cb5b..94defa83025 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/goccy/go-yaml v1.19.2 github.com/google/go-cmp v0.7.0 - github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a + github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6 github.com/ianlancetaylor/demangle v0.0.0-20251118225945-96ee0021ea0f github.com/jedib0t/go-pretty/v6 v6.7.8 github.com/modelcontextprotocol/go-sdk v1.4.0 diff --git a/go.sum b/go.sum index f34b2369109..04b3d85fedf 100644 --- a/go.sum +++ b/go.sum @@ -266,8 +266,8 @@ github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 h1:5/4TSDzpDnHQ8rKEE github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932/go.mod h1:cC6EdPbj/17GFCPDK39NRarlMI+kt+O60S12cNB5J9Y= github.com/google/jsonschema-go v0.4.2 h1:tmrUohrwoLZZS/P3x7ex0WAVknEkBZM46iALbcqoRA8= github.com/google/jsonschema-go v0.4.2/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE= -github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a h1:+gXGa5PHWGU94MoQBgS6MjHrVSuYFtkqHhc59BuMk8k= -github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a/go.mod h1:cNGl//rZ1OcOiFkLXY5DNrhFN7JKMGf4ieQrENUfEZw= +github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6 h1:RTPwT3tKKskNVRexMULZw/pHEtW+qMnb40FYRKlQWew= +github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6/go.mod h1:cNGl//rZ1OcOiFkLXY5DNrhFN7JKMGf4ieQrENUfEZw= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= diff --git a/internal/imodels/imodels.go b/internal/imodels/imodels.go index 839c12a99bb..ca023bef4ad 100644 --- a/internal/imodels/imodels.go +++ b/internal/imodels/imodels.go @@ -4,7 +4,6 @@ package imodels import ( "fmt" "strings" - "sync" "github.com/google/osv-scalibr/converter" "github.com/google/osv-scalibr/extractor" @@ -30,52 +29,20 @@ var gitExtractors = map[string]struct{}{ gitrepo.Name: {}, } -// todo: SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete -var cache = sync.Map{} // map[*extractor.Package]*models.PackageInfo - -func setCache(pkg *extractor.Package) { - pi := PackageInfo{Package: pkg} - if SourceType(pi) != models.SourceTypeSBOM { - return - } - - purlStruct := converter.ToPURL(pi.Package) - - if purlStruct == nil { - return - } - - if _, ok := cache.Load(pkg); !ok { - purlCache, _ := purl.ToPackage(purlStruct.String()) - cache.Store(pkg, &purlCache) - } -} - -func getCache(pkg *extractor.Package) *models.PackageInfo { - pi := PackageInfo{Package: pkg} - if SourceType(pi) != models.SourceTypeSBOM { - return nil - } - - v, ok := cache.Load(pkg) - - if !ok || v == nil { - return nil - } - - return v.(*models.PackageInfo) -} - // PackageInfo provides getter functions for commonly used fields of inventory // and applies transformations when required for use in osv-scanner type PackageInfo struct { *extractor.Package + + // purlCache is used to cache the special case for SBOMs where we convert Name, Version, and Ecosystem from purls + // extracted from the SBOM + purlCache *models.PackageInfo } func Name(pkg PackageInfo) string { // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - return purlCache.Name + if pkg.purlCache != nil { + return pkg.purlCache.Name } // --- Make specific patches to names as necessary --- @@ -134,8 +101,8 @@ func Ecosystem(pkg PackageInfo) osvecosystem.Parsed { } // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - newEco, err := osvecosystem.Parse(purlCache.Ecosystem) + if pkg.purlCache != nil { + newEco, err := osvecosystem.Parse(pkg.purlCache.Ecosystem) if err != nil { cmdlogger.Warnf("Warning: error parsing osvscanner.json ecosystem: %s", err.Error()) return eco @@ -149,8 +116,8 @@ func Ecosystem(pkg PackageInfo) osvecosystem.Parsed { func Version(pkg PackageInfo) string { // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - return purlCache.Version + if pkg.purlCache != nil { + return pkg.purlCache.Version } // Assume Go stdlib patch version as the latest version @@ -235,8 +202,13 @@ func OSPackageName(pkg PackageInfo) string { // FromPackage converts an extractor.Package into a PackageInfo. func FromPackage(pkg *extractor.Package) PackageInfo { pi := PackageInfo{Package: pkg} - - setCache(pkg) + if SourceType(pi) == models.SourceTypeSBOM { + purlStruct := converter.ToPURL(pi.Package) + if purlStruct != nil { + purlCache, _ := purl.ToPackage(purlStruct.String()) + pi.purlCache = &purlCache + } + } return pi } diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap index 1f7c79c5f5c..01a90f591b1 100755 --- a/internal/output/__snapshots__/sarif_test.snap +++ b/internal/output/__snapshots__/sarif_test.snap @@ -212,7 +212,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -262,7 +262,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -312,7 +312,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -362,7 +362,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -412,7 +412,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -462,7 +462,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -512,7 +512,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -562,7 +562,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -612,7 +612,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -662,7 +662,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -712,7 +712,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -762,7 +762,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -812,7 +812,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -862,7 +862,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -912,7 +912,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -962,7 +962,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1012,7 +1012,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1062,7 +1062,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1291,7 +1291,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1520,7 +1520,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1749,7 +1749,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1868,7 +1868,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1918,7 +1918,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2037,7 +2037,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2156,7 +2156,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2275,7 +2275,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2394,7 +2394,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2762,7 +2762,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3130,7 +3130,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3180,7 +3180,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3409,7 +3409,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3777,7 +3777,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4145,7 +4145,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4513,7 +4513,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4563,7 +4563,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4613,7 +4613,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4663,7 +4663,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4713,7 +4713,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4888,7 +4888,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5007,7 +5007,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5126,7 +5126,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5245,7 +5245,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5364,7 +5364,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5483,7 +5483,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5639,7 +5639,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5795,7 +5795,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5951,7 +5951,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6070,7 +6070,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6189,7 +6189,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6364,7 +6364,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6483,7 +6483,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6647,7 +6647,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, diff --git a/internal/spdx/licenses.go b/internal/spdx/licenses.go index b57ef8788c1..94ffc3dbef0 100644 --- a/internal/spdx/licenses.go +++ b/internal/spdx/licenses.go @@ -69,7 +69,6 @@ var IDs = map[string]bool{ "blueoak-1.0.0": true, "boehm-gc": true, "boehm-gc-without-fee": true, - "bola-1.1": true, "borceux": true, "brian-gladman-2-clause": true, "brian-gladman-3-clause": true, @@ -564,7 +563,6 @@ var IDs = map[string]bool{ "opl-1.0": true, "opl-uk-3.0": true, "opubl-1.0": true, - "osc-1.0": true, "oset-pl-2.1": true, "osl-1.0": true, "osl-1.1": true, diff --git a/internal/version/version.go b/internal/version/version.go index 4556d26ba14..d407dac6f28 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -2,4 +2,4 @@ package version // OSVVersion is the current release version, you should update this variable when doing a release -const OSVVersion = "2.3.4" +const OSVVersion = "2.3.3" diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 6cbb691b20f..1c2786ef2a2 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -306,11 +306,10 @@ func DoContainerScan(actions ScannerActions) (models.VulnerabilityResults, error }() capabilities := &plugin.Capabilities{ - DirectFS: true, - RunningSystem: false, - Network: plugin.NetworkOnline, - OS: plugin.OSLinux, - AllowUnsafePlugins: true, + DirectFS: true, + RunningSystem: false, + Network: plugin.NetworkOnline, + OS: plugin.OSLinux, } if actions.CompareOffline { @@ -318,7 +317,6 @@ func DoContainerScan(actions ScannerActions) (models.VulnerabilityResults, error } plugins = plugin.FilterByCapabilities(plugins, capabilities) - logUnsafePlugins(plugins) // --- Do Scalibr Scan --- scanner := scalibr.New() diff --git a/pkg/osvscanner/scan.go b/pkg/osvscanner/scan.go index bb311623049..cfa947ee25f 100644 --- a/pkg/osvscanner/scan.go +++ b/pkg/osvscanner/scan.go @@ -32,14 +32,6 @@ import ( var ErrExtractorNotFound = errors.New("could not determine extractor suitable to this file") -func logUnsafePlugins(plugins []plugin.Plugin) { - for _, plug := range plugins { - if plug.Requirements() != nil && plug.Requirements().AllowUnsafePlugins { - cmdlogger.Warnf("Warning: plugin %s can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.", plug.Name()) - } - } -} - func configurePlugins(plugins []plugin.Plugin, accessors ExternalAccessors, actions ScannerActions) { for _, plug := range plugins { vendored.Configure(plug, vendored.Config{ @@ -220,25 +212,21 @@ SBOMLoop: return nil, fmt.Errorf("failed to parse exclude patterns: %w", err) } - capabilities := plugin.Capabilities{ - DirectFS: true, - RunningSystem: true, - Network: plugin.NetworkOnline, - OS: osCapability, - AllowUnsafePlugins: true, - } - - if actions.CompareOffline { - capabilities.Network = plugin.NetworkOffline - } - - filteredPlugins := append(plugin.FilterByCapabilities(plugins, &capabilities), gitDirectPlugin) - logUnsafePlugins(filteredPlugins) - // For each root, run scalibr's scan() once. for root, paths := range rootMap { + capabilities := plugin.Capabilities{ + DirectFS: true, + RunningSystem: true, + Network: plugin.NetworkOnline, + OS: osCapability, + } + + if actions.CompareOffline { + capabilities.Network = plugin.NetworkOffline + } + sr := scanner.Scan(context.Background(), &scalibr.ScanConfig{ - Plugins: filteredPlugins, + Plugins: append(plugin.FilterByCapabilities(plugins, &capabilities), gitDirectPlugin), Capabilities: &capabilities, ScanRoots: fs.RealFSScanRoots(root), PathsToExtract: paths, From f85de74b22bae13905e94e8db68bac1361e6a195 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 06:22:31 +0000 Subject: [PATCH 7/8] test: update CI snapshot failures Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../image/__snapshots__/command_test.snap | 4458 ++++++++++++++++- .../__snapshots__/osvscanner_test.snap | 14 +- 2 files changed, 4454 insertions(+), 18 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 0a8d50cda19..93cf16aa947 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -113,50 +113,134 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 2 packages affected by 2 known vulnerabilities (2 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. +1 vulnerability can be fixed. + + +Alpine ++------------------------------------------------------------------------------------------------+ +| Source:sbom:/data/alpine-zlib-16.cdx.json:lib/apk/db/installed | ++---------+-------------------+------------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+------------------+------------+------------------+---------------+ +| zlib | 1.2.12-r1 | No fix available | 1 | # 2 Layer | -- | ++---------+-------------------+------------------+------------+------------------+---------------+ +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + --- [TestCommand_ExplicitExtractors_WithDefaults/add_extractors - 2] -failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out - 2] -failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out#01 - 2] -failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 2] -failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +0 vulnerabilities can be fixed. + ++---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | ++---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ +| https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | ++---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ + --- [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 2] -failed to load image from tarball with path "testdata/test-alpine-sbom.tar": open testdata/test-alpine-sbom.tar: no such file or directory --- @@ -189,7 +273,265 @@ at least one extractor must be enabled [TestCommand_HtmlFile - 1] Scanning local image tarball "./testdata/test-alpine.tar" -failed to load image from tarball with path "./testdata/test-alpine.tar": open ./testdata/test-alpine.tar: no such file or directory +HTML output available at: /report.html + +--- + +[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 1] +Scanning local image tarball "./testdata/test-alpine.tar" + + +Container Scanning Result (Alpine Linux v3.18) (Based on "alpine" image): +Total 5 packages affected by 65 known vulnerabilities (6 Critical, 33 High, 26 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +65 vulnerabilities can be fixed. + + +Alpine:v3.18 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 2 | apk-tools | # 3 Layer | -- | +| busybox | 1.30.1-r5 | Fix Available | 19 | busybox, ssl_client | # 3 Layer | -- | +| musl | 1.1.22-r4 | Fix Available | 3 | musl, musl-utils | # 3 Layer | -- | +| openssl | 1.1.1k-r0 | Fix Available | 39 | libcrypto1.1... (2) | # 3 Layer | -- | +| zlib | 1.2.11-r1 | Fix Available | 2 | zlib | # 3 Layer | -- | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 2] + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 1] +Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" +Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns +Filtered 38 ignored package/s from the scan. + + +Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +0 vulnerabilities can be fixed. + + + +Hiding 1 number of vulnerabilities deemed unimportant, use --all-vulns to show them. +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_no_vulns_shown - 2] + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 1] +Scanning local image tarball "./testdata/test-ubuntu-20-04.tar" +Package Ubuntu:20.04/util-linux/1:2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/coreutils/8.30-3ubuntu2 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/dpkg/1.19.7ubuntu3.2 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gnupg2/2.2.19-3ubuntu2.4 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/glibc/2.31-0ubuntu9.17 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pam/1.3.1-5ubuntu4.7 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/pcre2/10.34-7ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/libtasn1-6/4.16.0-2ubuntu0.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/systemd/245.4-4ubuntu3.24 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns +Filtered 38 ignored package/s from the scan. + + +Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +0 vulnerabilities can be fixed. + + + +Filtered Vulnerabilities: ++---------+--------------+--------------------+---------------------+----------------+ +| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | ++---------+--------------+--------------------+---------------------+----------------+ +| pcre3 | Ubuntu:20.04 | 2:8.39-12ubuntu0.1 | 1 | Unimportant | ++---------+--------------+--------------------+---------------------+----------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_20.04_image_tar_with_only_unimportant_vulns_shown - 2] + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 1] +Scanning local image tarball "./testdata/test-ubuntu.tar" + + +Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +24 vulnerabilities can be fixed. + + +Ubuntu:22.04 ++---------------------------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/var/lib/dpkg/status | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | +| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | +| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | +| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | +| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | +| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | +| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ + +Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar - 2] + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 1] +Scanning local image tarball "./testdata/test-ubuntu.tar" + + +Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +24 vulnerabilities can be fixed. + + +Ubuntu:22.04 ++---------------------------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/var/lib/dpkg/status | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | +| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | +| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | +| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | +| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | +| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | +| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ + +Filtered Vulnerabilities: ++---------+--------------+--------------------------+---------------------+----------------+ +| PACKAGE | ECOSYSTEM | INSTALLED VERSION | FILTERED VULN COUNT | FILTER REASONS | ++---------+--------------+--------------------------+---------------------+----------------+ +| glibc | Ubuntu:22.04 | 2.35-0ubuntu3.8 | 1 | Unimportant | +| krb5 | Ubuntu:22.04 | 1.19.2-2ubuntu0.4 | 2 | Unimportant | +| pcre3 | Ubuntu:22.04 | 2:8.39-13ubuntu0.22.04.1 | 1 | Unimportant | +| perl | Ubuntu:22.04 | 5.34.0-3ubuntu1.3 | 1 | Unimportant | ++---------+--------------+--------------------------+---------------------+----------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Empty_Ubuntu_22.04_image_tar_with_unimportant_vulns - 2] --- @@ -202,3 +544,4107 @@ Scanning local image tarball "../../testdata/locks-manyoci-image/no-file-here.ta failed to load image from tarball with path "../../testdata/locks-manyoci-image/no-file-here.tar": open ../../testdata/locks-manyoci-image/no-file-here.tar: no such file or directory --- + +[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 1] +Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" + + +Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +24 vulnerabilities can be fixed. + + +Ubuntu:22.04 ++---------------------------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/var/lib/dpkg/status | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ +| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | +| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | +| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | +| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | +| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | +| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | +| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | ++----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ + +Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Scanning_Ubuntu_image_with_go_OS_packages_json - 2] + +--- + +[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 1] +Scanning local image tarball "./testdata/test-java-full.tar" + + +Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): +Total 24 packages affected by 61 known vulnerabilities (4 Critical, 24 High, 29 Medium, 3 Low, 1 Unknown) from 2 ecosystems. +61 vulnerabilities can be fixed. + + +Maven ++-------------------------------------------------------------------------------------------------------------------------------+ +| Source:artifact:/app/target.jar | ++-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ +| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 2 | # 12 Layer | -- | +| com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | +| com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | +| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | +| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | +| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | +| io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | +| org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | +| org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | +| org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | +| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 1 | # 12 Layer | -- | ++-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ +Alpine:v3.21 ++-----------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ +| busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | +| expat | 2.6.4-r0 | Fix Available | 4 | libexpat | # 5 Layer | eclipse-temurin | +| gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | +| libpng | 1.6.44-r0 | Fix Available | 7 | libpng | # 5 Layer | eclipse-temurin | +| libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | +| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | +| openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | +| sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin | ++----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Scanning_java_image_with_some_packages - 2] + +--- + +[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 1] +Scanning local image tarball "./testdata/test-python-empty.tar" + + +Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): +Total 15 packages affected by 27 known vulnerabilities (0 Critical, 7 High, 4 Medium, 2 Low, 14 Unknown) from 2 ecosystems. +27 vulnerabilities can be fixed. + + +PyPI ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ ++------------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | ++------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++------------+-------------------+---------------+------------+------------------+---------------+ +| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | ++------------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ ++------------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | ++------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++------------+-------------------+---------------+------------+------------------+---------------+ +| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | ++------------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ +Debian:10 ++-----------------------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/var/lib/dpkg/status | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ +| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | +| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | +| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | +| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | +| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | +| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | +| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | +| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | +| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | +| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Scanning_python_image_with_no_packages - 2] + +--- + +[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 1] +Scanning local image tarball "./testdata/test-python-full.tar" + + +Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): +Total 21 packages affected by 51 known vulnerabilities (1 Critical, 18 High, 15 Medium, 2 Low, 15 Unknown) from 2 ecosystems. +51 vulnerabilities can be fixed. + + +PyPI ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| pip | 23.0.1 | Fix Available | 3 | # 7 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ ++------------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl | ++------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++------------+-------------------+---------------+------------+------------------+---------------+ +| setuptools | 58.1.0 | Fix Available | 3 | # 7 Layer | python | ++------------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| django | 1.11.29 | Fix Available | 7 | # 17 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| flask | 0.12.2 | Fix Available | 3 | # 17 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| idna | 2.7 | Fix Available | 1 | # 17 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| pip | 23.0.1 | Fix Available | 3 | # 13 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ ++----------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA | ++----------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++----------+-------------------+---------------+------------+------------------+---------------+ +| requests | 2.20.0 | Fix Available | 3 | # 17 Layer | -- | ++----------+-------------------+---------------+------------+------------------+---------------+ ++------------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | ++------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++------------+-------------------+---------------+------------+------------------+---------------+ +| setuptools | 58.1.0 | Fix Available | 3 | # 13 Layer | python | ++------------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| urllib3 | 1.24.3 | Fix Available | 9 | # 17 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++----------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA | ++----------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++----------+-------------------+---------------+------------+------------------+---------------+ +| werkzeug | 3.1.4 | Fix Available | 1 | # 17 Layer | -- | ++----------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| wheel | 0.40.0 | Fix Available | 1 | # 13 Layer | python | ++---------+-------------------+---------------+------------+------------------+---------------+ +Debian:10 ++-----------------------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/var/lib/dpkg/status | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ +| debian-archive-keyring | 2019.1+deb10u1 | Fix Available | 1 | debian-archive-keyri... (1) | # 0 Layer | debian | +| expat | 2.2.6-2+deb10u6 | Fix Available | 1 | libexpat1 | # 7 Layer | python | +| glibc | 2.28-10+deb10u2 | Fix Available | 2 | libc-bin, libc6 | # 0 Layer | debian | +| gnutls28 | 3.6.7-4+deb10u10 | Fix Available | 2 | libgnutls30 | # 0 Layer | debian | +| ncurses | 6.1+20181013-2+deb10u3 | Fix Available | 2 | libncursesw6... (4) | # 0 Layer | debian | +| openssl | 1.1.1n-0+deb10u5 | Fix Available | 1 | libssl1.1, openssl | # 4 Layer | python | +| systemd | 241-7~deb10u9 | Fix Available | 1 | libsystemd0... (2) | # 0 Layer | debian | +| tar | 1.30+dfsg-6 | Fix Available | 1 | tar | # 0 Layer | debian | +| tzdata | 2021a-0+deb10u11 | Fix Available | 2 | tzdata | # 0 Layer | debian | +| util-linux | 2.33.1-0.1 | Fix Available | 1 | fdisk, libblkid1... (8) | # 0 Layer | debian | ++------------------------+------------------------+---------------+------------+-----------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/Scanning_python_image_with_some_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_image_with_go_binary - 1] +Scanning local image tarball "./testdata/test-package-tracing.tar" + + +Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): +Total 9 packages affected by 195 known vulnerabilities (2 Critical, 6 High, 11 Medium, 2 Low, 174 Unknown) from 2 ecosystems. +195 vulnerabilities can be fixed. + + +Go ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/more-vuln-overwrite-less-vuln | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 9 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/ptf-1.2.0 | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/ptf-1.3.0 | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 4 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/ptf-1.3.0-moved | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 3 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/ptf-1.4.0 | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------+ +| Source:artifact:/go/bin/ptf-vulnerable | ++---------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------+-------------------+---------------+------------+------------------+---------------+ +| stdlib | 1.22.4 | Fix Available | 29 | # 7 Layer | -- | ++---------+-------------------+---------------+------------+------------------+---------------+ +Alpine:v3.20 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r29 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | +| musl | 1.2.5-r0 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | +| openssl | 3.3.1-r0 | Fix Available | 18 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_image_with_go_binary - 2] + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 1] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_detector_preset - 2] + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 1] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_disabled - 2] + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 1] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + + +Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +1 vulnerability can be fixed. + + +Alpine:v3.10 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| apk-tools | 2.10.6-r0 | Fix Available | 1 | apk-tools | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_insecure_alpine_image_without_detectors - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-npm-empty.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +15 vulnerabilities can be fixed. + + +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_npm_with_no_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. +16 vulnerabilities can be fixed. + + +npm ++-------------------------------------------------------------------------------------------------+ +| Source:artifact:/prod/app/node_modules/.package-lock.json | ++----------+-------------------+------------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++----------+-------------------+------------------+------------+------------------+---------------+ +| cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | +| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | ++----------+-------------------+------------------+------------+------------------+---------------+ +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_npm_with_some_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-pnpm-empty.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +15 vulnerabilities can be fixed. + + +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-pnpm-full.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +15 vulnerabilities can be fixed. + + +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-yarn-empty.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +15 vulnerabilities can be fixed. + + +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 2] + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 1] +Scanning local image tarball "./testdata/test-node_modules-yarn-full.tar" + + +Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): +Total 2 packages affected by 15 known vulnerabilities (1 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +15 vulnerabilities can be fixed. + + +Alpine:v3.19 ++------------------------------------------------------------------------------------------------------------------------------+ +| Source:os:/lib/apk/db/installed | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ +| busybox | 1.36.1-r15 | Fix Available | 6 | busybox... (3) | # 0 Layer | alpine | +| openssl | 3.1.4-r5 | Fix Available | 9 | libcrypto3, libssl3 | # 0 Layer | alpine | ++----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ + +For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. +You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical `. + +--- + +[TestCommand_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 2] + +--- + +[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 1] +{ + "results": [ + { + "source": { + "path": "/usr/local/lib/python3.9/ensurepip/_bundled/pip-23.0.1-py3-none-any.whl", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "pip", + "version": "23.0.1", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 7 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2023-228", + "GHSA-4xh5-x5gv-qwph", + "GHSA-6vgw-5pg2-w6jp", + "GHSA-mq26-g339-26xf" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/ensurepip/_bundled/setuptools-58.1.0-py3-none-any.whl", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "setuptools", + "version": "58.1.0", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 7 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2022-43012", + "PYSEC-2025-49", + "GHSA-5rjg-fvgr-3xxf", + "GHSA-cx63-2mw6-8hw5", + "GHSA-r9hx-vwmv-q579" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/Django-1.11.29.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "django", + "version": "1.11.29", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 7, + "vulnerabilities": [ + "PYSEC-2021-98", + "GHSA-68w8-qjq3-2gfm", + "GHSA-6w2r-r2m5-xq5w", + "GHSA-7xr5-9hcq-chf9", + "GHSA-8x94-hmjh-97hq", + "GHSA-frmv-pr5f-9mcr", + "GHSA-qw25-v68c-qjf3", + "GHSA-rrqc-c2jx-6jgv" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/Flask-0.12.2.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "flask", + "version": "0.12.2", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2018-66", + "PYSEC-2019-179", + "PYSEC-2023-62", + "GHSA-562c-5r94-xh97", + "GHSA-5wv5-4vpf-pj6m", + "GHSA-m2qf-hxjv-5gpq" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "idna", + "version": "2.7", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 1, + "vulnerabilities": [ + "PYSEC-2024-60", + "GHSA-jjg7-2v4v-x38h" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/pip-23.0.1.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "pip", + "version": "23.0.1", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 13 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2023-228", + "GHSA-4xh5-x5gv-qwph", + "GHSA-6vgw-5pg2-w6jp", + "GHSA-mq26-g339-26xf" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/requests-2.20.0.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "requests", + "version": "2.20.0", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2023-74", + "GHSA-9hjg-9r4m-mvj7", + "GHSA-9wx4-h78v-vm56", + "GHSA-j8r2-6x86-q33q" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "setuptools", + "version": "58.1.0", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 13 + } + }, + "groups": 3, + "vulnerabilities": [ + "PYSEC-2022-43012", + "PYSEC-2025-49", + "GHSA-5rjg-fvgr-3xxf", + "GHSA-cx63-2mw6-8hw5", + "GHSA-r9hx-vwmv-q579" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/urllib3-1.24.3.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "urllib3", + "version": "1.24.3", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 9, + "vulnerabilities": [ + "PYSEC-2020-148", + "PYSEC-2021-108", + "PYSEC-2023-192", + "PYSEC-2023-212", + "GHSA-2xpw-w6gg-jr37", + "GHSA-34jh-p97f-mpxf", + "GHSA-38jv-5279-wg99", + "GHSA-g4mx-q9vg-27p4", + "GHSA-gm62-xv2j-4w53", + "GHSA-pq67-6m6q-mj2v", + "GHSA-v845-jxx5-vc9f", + "GHSA-wqvq-5m8c-6g24" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "werkzeug", + "version": "3.1.4", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 17 + } + }, + "groups": 1, + "vulnerabilities": [ + "GHSA-87hc-h4r5-73f7" + ] + } + ] + }, + { + "source": { + "path": "/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "wheel", + "version": "0.40.0", + "ecosystem": "PyPI", + "image_origin_details": { + "index": 13 + } + }, + "groups": 1, + "vulnerabilities": [ + "GHSA-8rrh-rw8j-w5fx" + ] + } + ] + }, + { + "source": { + "path": "/var/lib/dpkg/status", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "debian-archive-keyring", + "os_package_name": "debian-archive-keyring", + "version": "2019.1+deb10u1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3482-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "fdisk", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "libblkid1", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc-bin", + "version": "2.28-10+deb10u2", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3850-1", + "DLA-3807-1" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc6", + "version": "2.28-10+deb10u2", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3850-1", + "DLA-3807-1" + ] + }, + { + "package": { + "name": "expat", + "os_package_name": "libexpat1", + "version": "2.2.6-2+deb10u6", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 7 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3783-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "libfdisk1", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "gnutls28", + "os_package_name": "libgnutls30", + "version": "3.6.7-4+deb10u10", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3660-1", + "DLA-3740-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "libmount1", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libncursesw6", + "version": "6.1+20181013-2+deb10u3", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3682-1", + "DLA-3586-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "libsmartcols1", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl1.1", + "version": "1.1.1n-0+deb10u5", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3530-1" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libsystemd0", + "version": "241-7~deb10u9", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3474-1" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libtinfo6", + "version": "6.1+20181013-2+deb10u3", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3682-1", + "DLA-3586-1" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libudev1", + "version": "241-7~deb10u9", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3474-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "libuuid1", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "mount", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-base", + "version": "6.1+20181013-2+deb10u3", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3682-1", + "DLA-3586-1" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-bin", + "version": "6.1+20181013-2+deb10u3", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3682-1", + "DLA-3586-1" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "openssl", + "version": "1.1.1n-0+deb10u5", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3530-1" + ] + }, + { + "package": { + "name": "tar", + "os_package_name": "tar", + "version": "1.30+dfsg-6", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3755-1" + ] + }, + { + "package": { + "name": "tzdata", + "os_package_name": "tzdata", + "version": "2021a-0+deb10u11", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "DLA-3684-1", + "DLA-3788-1" + ] + }, + { + "package": { + "name": "util-linux", + "os_package_name": "util-linux", + "version": "2.33.1-0.1", + "ecosystem": "Debian:10", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "DLA-3782-1" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Debian GNU/Linux 10 (buster)", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "ADD file:2818e508d01da218...", + "is_empty": false, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "CMD [/"bash/"]", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "ENV PATH=/usr/local/bin:/...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV LANG=C.UTF-8", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c set -eux; ...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV GPG_KEY=E3FF2839C048B...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV PYTHON_VERSION=3.9.17", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c set -eux; ...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c set -eux; ...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV PYTHON_PIP_VERSION=23...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV PYTHON_SETUPTOOLS_VER...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV PYTHON_GET_PIP_URL=ht...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV PYTHON_GET_PIP_SHA256...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c set -eux; ...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "CMD [/"python3/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "WORKDIR /app", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "COPY ./python-fixture/req...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c pip instal...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "COPY python-fixture/main....", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "", + "command": "CMD [/"python/" /"main.py/"]", + "is_empty": true, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "python", + "tags": null + }, + { + "name": "debian", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 2] +Scanning local image tarball "./testdata/test-python-full.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 1] +{ + "results": [ + { + "source": { + "path": "/app/rust_novuln_deprecated", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "url", + "version": "2.5.3", + "ecosystem": "crates.io", + "deprecated": true, + "image_origin_details": { + "index": 2 + } + } + } + ] + }, + { + "source": { + "path": "/lib/apk/db/installed", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "busybox", + "os_package_name": "busybox", + "version": "1.37.0-r19", + "ecosystem": "Alpine:v3.22", + "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "busybox", + "os_package_name": "busybox-binsh", + "version": "1.37.0-r19", + "ecosystem": "Alpine:v3.22", + "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libcrypto3", + "version": "3.5.4-r0", + "ecosystem": "Alpine:v3.22", + "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", + "image_origin_details": { + "index": 0 + } + }, + "groups": 12, + "vulnerabilities": [ + "ALPINE-CVE-2025-11187", + "ALPINE-CVE-2025-15467", + "ALPINE-CVE-2025-15468", + "ALPINE-CVE-2025-15469", + "ALPINE-CVE-2025-66199", + "ALPINE-CVE-2025-68160", + "ALPINE-CVE-2025-69418", + "ALPINE-CVE-2025-69419", + "ALPINE-CVE-2025-69420", + "ALPINE-CVE-2025-69421", + "ALPINE-CVE-2026-22795", + "ALPINE-CVE-2026-22796" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl3", + "version": "3.5.4-r0", + "ecosystem": "Alpine:v3.22", + "commit": "8f330e62bd41c2ac23dbd866fea36fb8e22f8422", + "image_origin_details": { + "index": 0 + } + }, + "groups": 12, + "vulnerabilities": [ + "ALPINE-CVE-2025-11187", + "ALPINE-CVE-2025-15467", + "ALPINE-CVE-2025-15468", + "ALPINE-CVE-2025-15469", + "ALPINE-CVE-2025-66199", + "ALPINE-CVE-2025-68160", + "ALPINE-CVE-2025-69418", + "ALPINE-CVE-2025-69419", + "ALPINE-CVE-2025-69420", + "ALPINE-CVE-2025-69421", + "ALPINE-CVE-2026-22795", + "ALPINE-CVE-2026-22796" + ] + }, + { + "package": { + "name": "busybox", + "os_package_name": "ssl_client", + "version": "1.37.0-r19", + "ecosystem": "Alpine:v3.22", + "commit": "bd8ab811155a6087ba7480103d89e2500e3cb0eb", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Alpine Linux v3.22", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "ADD alpine-minirootfs-3.22.2-x86_64.tar.gz / # buildkit", + "is_empty": false, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "CMD [/"/bin/sh/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "COPY /app/target/release/rust_novuln_deprecated /app/rust_novuln_deprecated # buildkit", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "alpine", + "tags": null + }, + { + "name": "alpine", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_image_with_deprecated_packages - 2] +Scanning local image tarball "./testdata/test-image-with-deprecated.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 1] +{ + "results": [ + { + "source": { + "path": "/go/bin/ptf-1.4.0", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "github.com/BurntSushi/toml", + "version": "1.4.0", + "ecosystem": "Go", + "image_origin_details": { + "index": 2 + } + } + }, + { + "package": { + "name": "stdlib", + "version": "1.22.4", + "ecosystem": "Go", + "image_origin_details": { + "index": 2 + } + }, + "groups": 29, + "vulnerabilities": [ + "GO-2024-2963", + "GO-2024-3105", + "GO-2024-3106", + "GO-2024-3107", + "GO-2025-3373", + "GO-2025-3420", + "GO-2025-3447", + "GO-2025-3563", + "GO-2025-3750", + "GO-2025-3751", + "GO-2025-3849", + "GO-2025-3956", + "GO-2025-4006", + "GO-2025-4007", + "GO-2025-4008", + "GO-2025-4009", + "GO-2025-4010", + "GO-2025-4011", + "GO-2025-4012", + "GO-2025-4013", + "GO-2025-4014", + "GO-2025-4015", + "GO-2025-4155", + "GO-2025-4175", + "GO-2026-4337", + "GO-2026-4340", + "GO-2026-4341", + "GO-2026-4342", + "GO-2026-4403" + ] + }, + { + "package": { + "name": "ptf", + "version": "(devel)", + "ecosystem": "Go", + "image_origin_details": { + "index": 2 + } + } + } + ] + }, + { + "source": { + "path": "/lib/apk/db/installed", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "alpine-baselayout", + "os_package_name": "alpine-baselayout", + "version": "3.6.5-r0", + "ecosystem": "Alpine:v3.20", + "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "alpine-baselayout", + "os_package_name": "alpine-baselayout-data", + "version": "3.6.5-r0", + "ecosystem": "Alpine:v3.20", + "commit": "66187892e05b03a41d08e9acabd19b7576a1c875", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "alpine-keys", + "os_package_name": "alpine-keys", + "version": "2.4-r1", + "ecosystem": "Alpine:v3.20", + "commit": "aab68f8c9ab434a46710de8e12fb3206e2930a59", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "apk-tools", + "os_package_name": "apk-tools", + "version": "2.14.4-r0", + "ecosystem": "Alpine:v3.20", + "commit": "d435c805af8af4171438da3ec3429c094aac4c6e", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "busybox", + "os_package_name": "busybox", + "version": "1.36.1-r29", + "ecosystem": "Alpine:v3.20", + "commit": "1747c01fb96905f101c25609011589d28e01cbb8", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "busybox", + "os_package_name": "busybox-binsh", + "version": "1.36.1-r29", + "ecosystem": "Alpine:v3.20", + "commit": "1747c01fb96905f101c25609011589d28e01cbb8", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "ca-certificates", + "os_package_name": "ca-certificates-bundle", + "version": "20240226-r0", + "ecosystem": "Alpine:v3.20", + "commit": "56fb003da0adcea3b59373ef6a633d0c5bfef3ac", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "openssl", + "os_package_name": "libcrypto3", + "version": "3.3.1-r0", + "ecosystem": "Alpine:v3.20", + "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", + "image_origin_details": { + "index": 0 + } + }, + "groups": 18, + "vulnerabilities": [ + "ALPINE-CVE-2024-12797", + "ALPINE-CVE-2024-13176", + "ALPINE-CVE-2024-5535", + "ALPINE-CVE-2024-6119", + "ALPINE-CVE-2024-9143", + "ALPINE-CVE-2025-15467", + "ALPINE-CVE-2025-15468", + "ALPINE-CVE-2025-66199", + "ALPINE-CVE-2025-68160", + "ALPINE-CVE-2025-69418", + "ALPINE-CVE-2025-69419", + "ALPINE-CVE-2025-69420", + "ALPINE-CVE-2025-69421", + "ALPINE-CVE-2025-9230", + "ALPINE-CVE-2025-9231", + "ALPINE-CVE-2025-9232", + "ALPINE-CVE-2026-22795", + "ALPINE-CVE-2026-22796" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl3", + "version": "3.3.1-r0", + "ecosystem": "Alpine:v3.20", + "commit": "15cc530882e1e6f3dc8a77200ee8bd01cb98f53c", + "image_origin_details": { + "index": 0 + } + }, + "groups": 18, + "vulnerabilities": [ + "ALPINE-CVE-2024-12797", + "ALPINE-CVE-2024-13176", + "ALPINE-CVE-2024-5535", + "ALPINE-CVE-2024-6119", + "ALPINE-CVE-2024-9143", + "ALPINE-CVE-2025-15467", + "ALPINE-CVE-2025-15468", + "ALPINE-CVE-2025-66199", + "ALPINE-CVE-2025-68160", + "ALPINE-CVE-2025-69418", + "ALPINE-CVE-2025-69419", + "ALPINE-CVE-2025-69420", + "ALPINE-CVE-2025-69421", + "ALPINE-CVE-2025-9230", + "ALPINE-CVE-2025-9231", + "ALPINE-CVE-2025-9232", + "ALPINE-CVE-2026-22795", + "ALPINE-CVE-2026-22796" + ] + }, + { + "package": { + "name": "musl", + "os_package_name": "musl", + "version": "1.2.5-r0", + "ecosystem": "Alpine:v3.20", + "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "ALPINE-CVE-2025-26519" + ] + }, + { + "package": { + "name": "musl", + "os_package_name": "musl-utils", + "version": "1.2.5-r0", + "ecosystem": "Alpine:v3.20", + "commit": "4fe5bdbe47b100daa6380f81c4c8ea3f99b61362", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "ALPINE-CVE-2025-26519" + ] + }, + { + "package": { + "name": "pax-utils", + "os_package_name": "scanelf", + "version": "1.3.7-r2", + "ecosystem": "Alpine:v3.20", + "commit": "e65a4f2d0470e70d862ef2b5c412ecf2cb9ad0a6", + "image_origin_details": { + "index": 0 + } + } + }, + { + "package": { + "name": "busybox", + "os_package_name": "ssl_client", + "version": "1.36.1-r29", + "ecosystem": "Alpine:v3.20", + "commit": "1747c01fb96905f101c25609011589d28e01cbb8", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "zlib", + "os_package_name": "zlib", + "version": "1.3.1-r1", + "ecosystem": "Alpine:v3.20", + "commit": "fad2d175bd85eb4c5566765375392a7394dfbcf2", + "image_origin_details": { + "index": 0 + } + } + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Alpine Linux v3.20", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "ADD file:33ebe56b967747a97dcec01bc2559962bee8823686c9739d26be060381bbb3ca in / ", + "is_empty": false, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "CMD [/"/bin/sh/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "COPY /work/ptf-1.4.0 /go/bin/ # buildkit", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "alpine", + "tags": null + }, + { + "name": "alpine", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_image_with_go_binary - 2] +Scanning local image tarball "./testdata/test-go-binary.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 1] +{ + "results": [ + { + "source": { + "path": "/lib/apk/db/installed", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "apk-tools", + "os_package_name": "apk-tools", + "version": "2.10.6-r0", + "ecosystem": "Alpine:v3.10", + "commit": "ee458ccae264321745e9622c759baf110130eb2f", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "ALPINE-CVE-2021-36159" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "experimental_generic_findings": [ + { + "Adv": { + "ID": { + "Publisher": "SCALIBR", + "Reference": "etc-shadow-weakcredentials" + }, + "Title": "Ensure all users have strong passwords configured", + "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", + "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", + "Sev": 5 + }, + "Target": { + "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" + }, + "Plugins": [ + "weakcredentials/etcshadow" + ], + "ExploitabilitySignals": null + } + ], + "image_metadata": { + "os": "Alpine Linux v3.10", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", + "is_empty": false, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "alpine", + "tags": null + }, + { + "name": "alpine", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_detector_preset - 2] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 1] +{ + "results": [ + { + "source": { + "path": "/lib/apk/db/installed", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "apk-tools", + "os_package_name": "apk-tools", + "version": "2.10.6-r0", + "ecosystem": "Alpine:v3.10", + "commit": "ee458ccae264321745e9622c759baf110130eb2f", + "image_origin_details": { + "index": 0 + } + }, + "groups": 1, + "vulnerabilities": [ + "ALPINE-CVE-2021-36159" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "experimental_generic_findings": [ + { + "Adv": { + "ID": { + "Publisher": "SCALIBR", + "Reference": "etc-shadow-weakcredentials" + }, + "Title": "Ensure all users have strong passwords configured", + "Description": "The /etc/shadow file contains user account password hashes. These passwords must be strong and not easily guessable.", + "Recommendation": "Run the following command to reset password for the reported users:/n# change password for USER: sudo passwd USER", + "Sev": 5 + }, + "Target": { + "Extra": "/etc/shadow: The following users have weak passwords:/nuser-bcrypt/n" + }, + "Plugins": [ + "weakcredentials/etcshadow" + ], + "ExploitabilitySignals": null + } + ], + "image_metadata": { + "os": "Alpine Linux v3.10", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "/bin/sh -c #(nop) ADD file:c5377eaa926bf412dd8d4a08b0a1f2399cfd708743533b0aa03b53d14cb4bb4e in / ", + "is_empty": false, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) CMD [/"/bin/sh/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c echo 'user-bcrypt:$2b$05$IYDlXvHmeORyyiUwu8KKuek2LE8VrxIYZ2skPvRDDNngpXJHRq7sG' /u003e/u003e /etc/shadow # buildkit", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c echo 'user-descrypt:chERDiI95PGCQ' /u003e/u003e /etc/shadow # buildkit", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "alpine", + "tags": null + }, + { + "name": "alpine", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_insecure_alpine_image_with_specific_detector_enabled - 2] +Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 1] +{ + "results": [ + { + "source": { + "path": "/lib/apk/db/installed", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "busybox", + "os_package_name": "busybox", + "version": "1.36.1-r15", + "ecosystem": "Alpine:v3.19", + "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", + "image_origin_details": { + "index": 0 + } + }, + "groups": 6, + "vulnerabilities": [ + "ALPINE-CVE-2023-42363", + "ALPINE-CVE-2023-42364", + "ALPINE-CVE-2023-42365", + "ALPINE-CVE-2023-42366", + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "busybox", + "os_package_name": "busybox-binsh", + "version": "1.36.1-r15", + "ecosystem": "Alpine:v3.19", + "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", + "image_origin_details": { + "index": 0 + } + }, + "groups": 6, + "vulnerabilities": [ + "ALPINE-CVE-2023-42363", + "ALPINE-CVE-2023-42364", + "ALPINE-CVE-2023-42365", + "ALPINE-CVE-2023-42366", + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libcrypto3", + "version": "3.1.4-r5", + "ecosystem": "Alpine:v3.19", + "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", + "image_origin_details": { + "index": 0 + } + }, + "groups": 9, + "vulnerabilities": [ + "ALPINE-CVE-2024-13176", + "ALPINE-CVE-2024-2511", + "ALPINE-CVE-2024-4603", + "ALPINE-CVE-2024-4741", + "ALPINE-CVE-2024-5535", + "ALPINE-CVE-2024-6119", + "ALPINE-CVE-2024-9143", + "ALPINE-CVE-2025-9230", + "ALPINE-CVE-2025-9232" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl3", + "version": "3.1.4-r5", + "ecosystem": "Alpine:v3.19", + "commit": "b784a22cad0c452586b438cb7a597d846fc09ff4", + "image_origin_details": { + "index": 0 + } + }, + "groups": 9, + "vulnerabilities": [ + "ALPINE-CVE-2024-13176", + "ALPINE-CVE-2024-2511", + "ALPINE-CVE-2024-4603", + "ALPINE-CVE-2024-4741", + "ALPINE-CVE-2024-5535", + "ALPINE-CVE-2024-6119", + "ALPINE-CVE-2024-9143", + "ALPINE-CVE-2025-9230", + "ALPINE-CVE-2025-9232" + ] + }, + { + "package": { + "name": "busybox", + "os_package_name": "ssl_client", + "version": "1.36.1-r15", + "ecosystem": "Alpine:v3.19", + "commit": "d1b6f274f29076967826e0ecf6ebcaa5d360272f", + "image_origin_details": { + "index": 0 + } + }, + "groups": 6, + "vulnerabilities": [ + "ALPINE-CVE-2023-42363", + "ALPINE-CVE-2023-42364", + "ALPINE-CVE-2023-42365", + "ALPINE-CVE-2023-42366", + "ALPINE-CVE-2024-58251", + "ALPINE-CVE-2025-46394" + ] + } + ] + }, + { + "source": { + "path": "/prod/app/node_modules/.package-lock.json", + "type": "artifact" + }, + "packages": [ + { + "package": { + "name": "cryo", + "version": "0.0.6", + "ecosystem": "npm", + "image_origin_details": { + "index": 14 + } + }, + "groups": 1, + "vulnerabilities": [ + "GHSA-38f5-ghc2-fcmv" + ] + }, + { + "package": { + "name": "minimist", + "version": "0.0.8", + "ecosystem": "npm", + "image_origin_details": { + "index": 13 + } + }, + "groups": 1, + "vulnerabilities": [ + "GHSA-vh95-rmgr-6w4m", + "GHSA-xvch-5gv4-984h" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Alpine Linux v3.19", + "layer_metadata": [ + { + "diff_id": "sha256:...", + "command": "ADD file:37a76ec18f988775...", + "is_empty": false, + "base_image_index": 4 + }, + { + "diff_id": "", + "command": "CMD [/"/bin/sh/"]", + "is_empty": true, + "base_image_index": 3 + }, + { + "diff_id": "", + "command": "ENV NODE_VERSION=20.11.1", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "sha256:...", + "command": "RUN /0addgroup -g 1000 no...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENV YARN_VERSION=1.22.19", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "RUN /0apk add --no-cache ...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "COPY file:4d192565a7220e1...", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ENTRYPOINT [/"docker-entry...", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "CMD [/"node/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "ARG MANAGER_VERSION=10.2.4", + "is_empty": true, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "WORKDIR /prod/app", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN |1 MANAGER_VERSION=10...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN |1 MANAGER_VERSION=10...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN |1 MANAGER_VERSION=10...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN |1 MANAGER_VERSION=10...", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN |1 MANAGER_VERSION=10...", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "library/node", + "tags": null + }, + { + "name": "ayan4m1/maven-node", + "tags": null + }, + { + "name": "alpine", + "tags": null + }, + { + "name": "alpine", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_node_modules_using_npm_with_some_packages - 2] +Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 1] +{ + "results": [ + { + "source": { + "path": "/var/lib/dpkg/status", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "coreutils", + "os_package_name": "coreutils", + "version": "8.32-4.1ubuntu1.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2016-2781", + "UBUNTU-CVE-2025-5278" + ] + }, + { + "package": { + "name": "dpkg", + "os_package_name": "dpkg", + "version": "1.21.1ubuntu2.3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "USN-7768-1", + "UBUNTU-CVE-2025-6297" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "gcc-12-base", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "gnupg2", + "os_package_name": "gpgv", + "version": "2.2.27-3ubuntu2.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7412-1", + "USN-7946-1", + "UBUNTU-CVE-2022-3219", + "UBUNTU-CVE-2025-30258", + "UBUNTU-CVE-2025-68972", + "UBUNTU-CVE-2025-68973", + "USN-7412-2" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc-bin", + "version": "2.35-0ubuntu3.8", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-8005-1", + "USN-7259-1", + "USN-7541-1", + "USN-7760-1", + "UBUNTU-CVE-2016-20013", + "UBUNTU-CVE-2025-0395", + "UBUNTU-CVE-2025-15281", + "UBUNTU-CVE-2025-4802", + "UBUNTU-CVE-2025-8058", + "UBUNTU-CVE-2026-0861", + "UBUNTU-CVE-2026-0915" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc6", + "version": "2.35-0ubuntu3.8", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-8005-1", + "USN-7259-1", + "USN-7541-1", + "USN-7760-1", + "UBUNTU-CVE-2016-20013", + "UBUNTU-CVE-2025-0395", + "UBUNTU-CVE-2025-15281", + "UBUNTU-CVE-2025-4802", + "UBUNTU-CVE-2025-8058", + "UBUNTU-CVE-2026-0861", + "UBUNTU-CVE-2026-0915" + ] + }, + { + "package": { + "name": "libcap2", + "os_package_name": "libcap2", + "version": "1:2.44-1ubuntu0.22.04.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "USN-7287-1", + "UBUNTU-CVE-2025-1390" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "libgcc-s1", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "libgcrypt20", + "os_package_name": "libgcrypt20", + "version": "1.9.4-3ubuntu3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2024-2236" + ] + }, + { + "package": { + "name": "gnutls28", + "os_package_name": "libgnutls30", + "version": "3.7.3-4ubuntu1.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7635-1", + "USN-7281-1", + "UBUNTU-CVE-2024-12243", + "UBUNTU-CVE-2025-14831", + "UBUNTU-CVE-2025-32988", + "UBUNTU-CVE-2025-32989", + "UBUNTU-CVE-2025-32990", + "UBUNTU-CVE-2025-6395", + "UBUNTU-CVE-2025-9820", + "UBUNTU-CVE-2026-1584" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libgssapi-krb5-2", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libk5crypto3", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libkrb5-3", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libkrb5support0", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "lz4", + "os_package_name": "liblz4-1", + "version": "1.9.3-2build2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2025-62813" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libncurses6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libncursesw6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-modules", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-modules-bin", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-runtime", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam0g", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pcre2", + "os_package_name": "libpcre2-8-0", + "version": "10.39-3ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2022-41409" + ] + }, + { + "package": { + "name": "pcre3", + "os_package_name": "libpcre3", + "version": "2:8.39-13ubuntu0.22.04.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2017-11164" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl3", + "version": "3.0.2-0ubuntu1.18", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7980-1", + "USN-7786-1", + "USN-7278-1", + "UBUNTU-CVE-2024-13176", + "UBUNTU-CVE-2024-41996", + "UBUNTU-CVE-2024-9143", + "UBUNTU-CVE-2025-15467", + "UBUNTU-CVE-2025-27587", + "UBUNTU-CVE-2025-68160", + "UBUNTU-CVE-2025-69418", + "UBUNTU-CVE-2025-69419", + "UBUNTU-CVE-2025-69420", + "UBUNTU-CVE-2025-69421", + "UBUNTU-CVE-2025-9230", + "UBUNTU-CVE-2026-22795", + "UBUNTU-CVE-2026-22796" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "libstdc++6", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libsystemd0", + "version": "249.11-0ubuntu3.12", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7559-1", + "UBUNTU-CVE-2023-7008", + "UBUNTU-CVE-2025-4598" + ] + }, + { + "package": { + "name": "libtasn1-6", + "os_package_name": "libtasn1-6", + "version": "4.18.0-4build1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7954-1", + "USN-7275-1", + "UBUNTU-CVE-2021-46848", + "UBUNTU-CVE-2024-12133", + "UBUNTU-CVE-2025-13151" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libtinfo6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libudev1", + "version": "249.11-0ubuntu3.12", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7559-1", + "UBUNTU-CVE-2023-7008", + "UBUNTU-CVE-2025-4598" + ] + }, + { + "package": { + "name": "libzstd", + "os_package_name": "libzstd1", + "version": "1.4.8+dfsg-3build1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2022-4899" + ] + }, + { + "package": { + "name": "shadow", + "os_package_name": "login", + "version": "1:4.8.1-2ubuntu2.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-29383", + "UBUNTU-CVE-2024-56433" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-base", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-bin", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "shadow", + "os_package_name": "passwd", + "version": "1:4.8.1-2ubuntu2.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-29383", + "UBUNTU-CVE-2024-56433" + ] + }, + { + "package": { + "name": "perl", + "os_package_name": "perl-base", + "version": "5.34.0-3ubuntu1.3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7434-1", + "USN-7678-1", + "UBUNTU-CVE-2023-31486", + "UBUNTU-CVE-2023-47039", + "UBUNTU-CVE-2024-56406", + "UBUNTU-CVE-2025-40909" + ] + }, + { + "package": { + "name": "tar", + "os_package_name": "tar", + "version": "1.34+dfsg-1ubuntu0.1.22.04.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2025-45582" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Ubuntu 22.04.5 LTS", + "layer_metadata": [ + { + "diff_id": "", + "command": "/bin/sh -c #(nop) ARG RELEASE", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", + "is_empty": true, + "base_image_index": 1 + } + ], + "base_images": [ + {}, + { + "name": "ubuntu", + "tags": null + }, + { + "name": "laurentsogeti/pod_showname_formation_ckad", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/scanning_ubuntu_image - 2] +Scanning local image tarball "./testdata/test-ubuntu.tar" + +--- + +[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 1] +{ + "results": [ + { + "source": { + "path": "/usr/bin/fzf", + "type": "artifact" + }, + "experimental_pes": [ + { + "Plugin": "vex/os-duplicate/dpkg", + "Justification": 1, + "VulnIdentifiers": null, + "MatchesAllVulns": true + } + ], + "packages": [ + { + "package": { + "name": "stdlib", + "version": "1.18.1", + "ecosystem": "Go", + "image_origin_details": { + "index": 7 + } + }, + "groups": 81, + "vulnerabilities": [ + "GO-2022-0477", + "GO-2022-0493", + "GO-2022-0515", + "GO-2022-0520", + "GO-2022-0521", + "GO-2022-0522", + "GO-2022-0523", + "GO-2022-0524", + "GO-2022-0525", + "GO-2022-0526", + "GO-2022-0527", + "GO-2022-0531", + "GO-2022-0532", + "GO-2022-0533", + "GO-2022-0537", + "GO-2022-0969", + "GO-2022-1037", + "GO-2022-1038", + "GO-2022-1039", + "GO-2022-1095", + "GO-2022-1143", + "GO-2022-1144", + "GO-2023-1568", + "GO-2023-1569", + "GO-2023-1570", + "GO-2023-1571", + "GO-2023-1621", + "GO-2023-1702", + "GO-2023-1703", + "GO-2023-1704", + "GO-2023-1705", + "GO-2023-1751", + "GO-2023-1752", + "GO-2023-1753", + "GO-2023-1840", + "GO-2023-1878", + "GO-2023-1987", + "GO-2023-2041", + "GO-2023-2043", + "GO-2023-2102", + "GO-2023-2185", + "GO-2023-2186", + "GO-2023-2375", + "GO-2023-2382", + "GO-2024-2598", + "GO-2024-2599", + "GO-2024-2600", + "GO-2024-2609", + "GO-2024-2610", + "GO-2024-2687", + "GO-2024-2887", + "GO-2024-2888", + "GO-2024-2963", + "GO-2024-3105", + "GO-2024-3106", + "GO-2024-3107", + "GO-2025-3373", + "GO-2025-3420", + "GO-2025-3447", + "GO-2025-3563", + "GO-2025-3750", + "GO-2025-3751", + "GO-2025-3849", + "GO-2025-3956", + "GO-2025-4006", + "GO-2025-4007", + "GO-2025-4008", + "GO-2025-4009", + "GO-2025-4010", + "GO-2025-4011", + "GO-2025-4012", + "GO-2025-4013", + "GO-2025-4014", + "GO-2025-4015", + "GO-2025-4155", + "GO-2025-4175", + "GO-2026-4337", + "GO-2026-4340", + "GO-2026-4341", + "GO-2026-4342", + "GO-2026-4403" + ] + } + ] + }, + { + "source": { + "path": "/var/lib/dpkg/status", + "type": "os" + }, + "packages": [ + { + "package": { + "name": "coreutils", + "os_package_name": "coreutils", + "version": "8.32-4.1ubuntu1.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2016-2781", + "UBUNTU-CVE-2025-5278" + ] + }, + { + "package": { + "name": "dpkg", + "os_package_name": "dpkg", + "version": "1.21.1ubuntu2.3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "USN-7768-1", + "UBUNTU-CVE-2025-6297" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "gcc-12-base", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "gnupg2", + "os_package_name": "gpgv", + "version": "2.2.27-3ubuntu2.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7412-1", + "USN-7946-1", + "UBUNTU-CVE-2022-3219", + "UBUNTU-CVE-2025-30258", + "UBUNTU-CVE-2025-68972", + "UBUNTU-CVE-2025-68973", + "USN-7412-2" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc-bin", + "version": "2.35-0ubuntu3.8", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-8005-1", + "USN-7259-1", + "USN-7541-1", + "USN-7760-1", + "UBUNTU-CVE-2016-20013", + "UBUNTU-CVE-2025-0395", + "UBUNTU-CVE-2025-15281", + "UBUNTU-CVE-2025-4802", + "UBUNTU-CVE-2025-8058", + "UBUNTU-CVE-2026-0861", + "UBUNTU-CVE-2026-0915" + ] + }, + { + "package": { + "name": "glibc", + "os_package_name": "libc6", + "version": "2.35-0ubuntu3.8", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-8005-1", + "USN-7259-1", + "USN-7541-1", + "USN-7760-1", + "UBUNTU-CVE-2016-20013", + "UBUNTU-CVE-2025-0395", + "UBUNTU-CVE-2025-15281", + "UBUNTU-CVE-2025-4802", + "UBUNTU-CVE-2025-8058", + "UBUNTU-CVE-2026-0861", + "UBUNTU-CVE-2026-0915" + ] + }, + { + "package": { + "name": "libcap2", + "os_package_name": "libcap2", + "version": "1:2.44-1ubuntu0.22.04.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "USN-7287-1", + "UBUNTU-CVE-2025-1390" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "libgcc-s1", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "libgcrypt20", + "os_package_name": "libgcrypt20", + "version": "1.9.4-3ubuntu3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2024-2236" + ] + }, + { + "package": { + "name": "gnutls28", + "os_package_name": "libgnutls30", + "version": "3.7.3-4ubuntu1.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7635-1", + "USN-7281-1", + "UBUNTU-CVE-2024-12243", + "UBUNTU-CVE-2025-14831", + "UBUNTU-CVE-2025-32988", + "UBUNTU-CVE-2025-32989", + "UBUNTU-CVE-2025-32990", + "UBUNTU-CVE-2025-6395", + "UBUNTU-CVE-2025-9820", + "UBUNTU-CVE-2026-1584" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libgssapi-krb5-2", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libk5crypto3", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libkrb5-3", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "krb5", + "os_package_name": "libkrb5support0", + "version": "1.19.2-2ubuntu0.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7314-1", + "USN-7257-1", + "USN-7542-1", + "UBUNTU-CVE-2018-5709", + "UBUNTU-CVE-2024-26458", + "UBUNTU-CVE-2024-26461", + "UBUNTU-CVE-2024-3596", + "UBUNTU-CVE-2025-24528", + "UBUNTU-CVE-2025-3576" + ] + }, + { + "package": { + "name": "lz4", + "os_package_name": "liblz4-1", + "version": "1.9.3-2build2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2025-62813" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libncurses6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libncursesw6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-modules", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-modules-bin", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam-runtime", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pam", + "os_package_name": "libpam0g", + "version": "1.4.0-11ubuntu2.5", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 3, + "vulnerabilities": [ + "USN-7580-1", + "UBUNTU-CVE-2024-10041", + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2025-8941" + ] + }, + { + "package": { + "name": "pcre2", + "os_package_name": "libpcre2-8-0", + "version": "10.39-3ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2022-41409" + ] + }, + { + "package": { + "name": "pcre3", + "os_package_name": "libpcre3", + "version": "2:8.39-13ubuntu0.22.04.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2017-11164" + ] + }, + { + "package": { + "name": "openssl", + "os_package_name": "libssl3", + "version": "3.0.2-0ubuntu1.18", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 5, + "vulnerabilities": [ + "USN-7980-1", + "USN-7786-1", + "USN-7278-1", + "UBUNTU-CVE-2024-13176", + "UBUNTU-CVE-2024-41996", + "UBUNTU-CVE-2024-9143", + "UBUNTU-CVE-2025-15467", + "UBUNTU-CVE-2025-27587", + "UBUNTU-CVE-2025-68160", + "UBUNTU-CVE-2025-69418", + "UBUNTU-CVE-2025-69419", + "UBUNTU-CVE-2025-69420", + "UBUNTU-CVE-2025-69421", + "UBUNTU-CVE-2025-9230", + "UBUNTU-CVE-2026-22795", + "UBUNTU-CVE-2026-22796" + ] + }, + { + "package": { + "name": "gcc-12", + "os_package_name": "libstdc++6", + "version": "12.3.0-1ubuntu1~22.04", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7700-1", + "UBUNTU-CVE-2022-27943", + "UBUNTU-CVE-2023-4039" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libsystemd0", + "version": "249.11-0ubuntu3.12", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7559-1", + "UBUNTU-CVE-2023-7008", + "UBUNTU-CVE-2025-4598" + ] + }, + { + "package": { + "name": "libtasn1-6", + "os_package_name": "libtasn1-6", + "version": "4.18.0-4build1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7954-1", + "USN-7275-1", + "UBUNTU-CVE-2021-46848", + "UBUNTU-CVE-2024-12133", + "UBUNTU-CVE-2025-13151" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "libtinfo6", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "systemd", + "os_package_name": "libudev1", + "version": "249.11-0ubuntu3.12", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "USN-7559-1", + "UBUNTU-CVE-2023-7008", + "UBUNTU-CVE-2025-4598" + ] + }, + { + "package": { + "name": "libzstd", + "os_package_name": "libzstd1", + "version": "1.4.8+dfsg-3build1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2022-4899" + ] + }, + { + "package": { + "name": "shadow", + "os_package_name": "login", + "version": "1:4.8.1-2ubuntu2.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-29383", + "UBUNTU-CVE-2024-56433" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-base", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "ncurses", + "os_package_name": "ncurses-bin", + "version": "6.3-2ubuntu0.1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-50495", + "UBUNTU-CVE-2025-6141" + ] + }, + { + "package": { + "name": "shadow", + "os_package_name": "passwd", + "version": "1:4.8.1-2ubuntu2.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 2, + "vulnerabilities": [ + "UBUNTU-CVE-2023-29383", + "UBUNTU-CVE-2024-56433" + ] + }, + { + "package": { + "name": "perl", + "os_package_name": "perl-base", + "version": "5.34.0-3ubuntu1.3", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 4, + "vulnerabilities": [ + "USN-7434-1", + "USN-7678-1", + "UBUNTU-CVE-2023-31486", + "UBUNTU-CVE-2023-47039", + "UBUNTU-CVE-2024-56406", + "UBUNTU-CVE-2025-40909" + ] + }, + { + "package": { + "name": "tar", + "os_package_name": "tar", + "version": "1.34+dfsg-1ubuntu0.1.22.04.2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2025-45582" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + }, + "image_metadata": { + "os": "Ubuntu 22.04.5 LTS", + "layer_metadata": [ + { + "diff_id": "", + "command": "/bin/sh -c #(nop) ARG RELEASE", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", + "is_empty": true, + "base_image_index": 2 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "/bin/sh -c #(nop) ADD file:1b6c8c9518be42fa2afe5e241ca31677fce58d27cdfa88baa91a65a259be3637 in / ", + "is_empty": false, + "base_image_index": 1 + }, + { + "diff_id": "", + "command": "/bin/sh -c #(nop) CMD [/"/bin/bash/"]", + "is_empty": true, + "base_image_index": 1 + }, + { + "diff_id": "sha256:...", + "command": "COPY ./sample-pkgs/fzf_0.29.0-1ubuntu0.1_amd64.deb /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", + "is_empty": false, + "base_image_index": 0 + }, + { + "diff_id": "sha256:...", + "command": "RUN /bin/sh -c dpkg -i /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb /u0026/u0026 rm /tmp/fzf_0.29.0-1ubuntu0.1_amd64.deb # buildkit", + "is_empty": false, + "base_image_index": 0 + } + ], + "base_images": [ + {}, + { + "name": "ubuntu", + "tags": null + }, + { + "name": "laurentsogeti/pod_showname_formation_ckad", + "tags": null + } + ] + } +} + +--- + +[TestCommand_OCIImage_JSONFormat/ubuntu_image_with_go_OS_packages_json - 2] +Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" + +--- diff --git a/pkg/osvscanner/__snapshots__/osvscanner_test.snap b/pkg/osvscanner/__snapshots__/osvscanner_test.snap index 8e3a00fd192..f72f805a989 100755 --- a/pkg/osvscanner/__snapshots__/osvscanner_test.snap +++ b/pkg/osvscanner/__snapshots__/osvscanner_test.snap @@ -36,16 +36,6 @@ }, "ranges": [ { - "database_specific": { - "versions": [ - { - "introduced": "0" - }, - { - "last_affected": "1.2.4" - } - ] - }, "events": [ { "introduced": "0" @@ -76,7 +66,7 @@ ], "details": "cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.", "id": "CVE-2025-63675", - "modified": "2026-03-14T12:45:39.021698Z", + "modified": "2025-12-11T11:54:27.991298Z", "published": "2025-10-31T07:15:38.283Z", "references": [ { @@ -88,7 +78,7 @@ "url": "https://github.com/javiermorales36/cryptidy-analysis" } ], - "schema_version": "1.7.5", + "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", From d1ecf20f69a4adf190f9f935a8321025d393c229 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 06:46:55 +0000 Subject: [PATCH 8/8] test: update git scan snapshot Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../scan/image/__snapshots__/command_test.snap | 8 ++++---- pkg/osvscanner/__snapshots__/osvscanner_test.snap | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 93cf16aa947..2797b654f92 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -1048,8 +1048,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -16 vulnerabilities can be fixed. +Total 4 packages affected by 18 known vulnerabilities (3 Critical, 3 High, 10 Medium, 2 Low, 0 Unknown) from 2 ecosystems. +17 vulnerabilities can be fixed. npm @@ -1059,7 +1059,7 @@ npm | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+------------------+------------+------------------+---------------+ | cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | +| minimist | 0.0.8 | Fix Available | 2 | # 13 Layer | -- | +----------+-------------------+------------------+------------+------------------+---------------+ Alpine:v3.19 +------------------------------------------------------------------------------------------------------------------------------+ @@ -2899,7 +2899,7 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" "index": 13 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ "GHSA-vh95-rmgr-6w4m", "GHSA-xvch-5gv4-984h" diff --git a/pkg/osvscanner/__snapshots__/osvscanner_test.snap b/pkg/osvscanner/__snapshots__/osvscanner_test.snap index f72f805a989..8e3a00fd192 100755 --- a/pkg/osvscanner/__snapshots__/osvscanner_test.snap +++ b/pkg/osvscanner/__snapshots__/osvscanner_test.snap @@ -36,6 +36,16 @@ }, "ranges": [ { + "database_specific": { + "versions": [ + { + "introduced": "0" + }, + { + "last_affected": "1.2.4" + } + ] + }, "events": [ { "introduced": "0" @@ -66,7 +76,7 @@ ], "details": "cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.", "id": "CVE-2025-63675", - "modified": "2025-12-11T11:54:27.991298Z", + "modified": "2026-03-14T12:45:39.021698Z", "published": "2025-10-31T07:15:38.283Z", "references": [ { @@ -78,7 +88,7 @@ "url": "https://github.com/javiermorales36/cryptidy-analysis" } ], - "schema_version": "1.7.3", + "schema_version": "1.7.5", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",