From ceced7129563ecddb07d926bb8b1a8fb11bc30ea Mon Sep 17 00:00:00 2001 From: osv-robot Date: Sat, 25 Apr 2026 19:16:48 +0000 Subject: [PATCH] test: update snapshots --- .../fix/__snapshots__/command_test.snap | 48 ++++----- .../image/__snapshots__/command_test.snap | 28 ++--- .../source/__snapshots__/command_test.snap | 102 +++++++++--------- 3 files changed, 90 insertions(+), 88 deletions(-) diff --git a/cmd/osv-scanner/fix/__snapshots__/command_test.snap b/cmd/osv-scanner/fix/__snapshots__/command_test.snap index 0276e8ad534..c3685face1f 100755 --- a/cmd/osv-scanner/fix/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/fix/__snapshots__/command_test.snap @@ -5297,14 +5297,14 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" }, "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" + "url": "https://github.com/sponsors/epoberezkin", + "type": "github" } }, "node_modules/ansi-regex": { @@ -6233,10 +6233,10 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" } }, "ansi-regex": { @@ -7323,14 +7323,14 @@ Guided remediation (the fix command) can be risky when run on untrusted projects "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" }, "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" + "url": "https://github.com/sponsors/epoberezkin", + "type": "github" } }, "node_modules/ansi-regex": { @@ -8259,10 +8259,10 @@ Guided remediation (the fix command) can be risky when run on untrusted projects "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" } }, "ansi-regex": { @@ -9665,14 +9665,14 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" }, "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" + "url": "https://github.com/sponsors/epoberezkin", + "type": "github" } }, "node_modules/ansi-regex": { @@ -10601,10 +10601,10 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" } }, "ansi-regex": { @@ -11484,14 +11484,14 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" }, "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" + "url": "https://github.com/sponsors/epoberezkin", + "type": "github" } }, "node_modules/ansi-regex": { @@ -12420,10 +12420,10 @@ UNFIXABLE-VULNS: 8 "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { + "uri-js": "^4.2.2", "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-json-stable-stringify": "^2.0.0" } }, "ansi-regex": { diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 8a91e46a3cc..1d7d54ecd83 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -619,7 +619,7 @@ Scanning local image tarball "./testdata/test-java-full.tar" Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 26 packages affected by 91 known vulnerabilities (3 Critical, 41 High, 40 Medium, 4 Low, 3 Unknown) from 2 ecosystems. +Total 26 packages affected by 91 known vulnerabilities (4 Critical, 42 High, 40 Medium, 4 Low, 1 Unknown) from 2 ecosystems. 91 vulnerabilities can be fixed. @@ -864,7 +864,7 @@ Scanning local image tarball "./testdata/test-package-tracing.tar" Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): -Total 10 packages affected by 265 known vulnerabilities (1 Critical, 13 High, 13 Medium, 2 Low, 236 Unknown) from 2 ecosystems. +Total 10 packages affected by 265 known vulnerabilities (2 Critical, 14 High, 13 Medium, 2 Low, 234 Unknown) from 2 ecosystems. 265 vulnerabilities can be fixed. @@ -3317,10 +3317,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 7, "vulnerabilities": [ - "USN-8005-1", "USN-7259-1", "USN-7541-1", "USN-7760-1", + "USN-8005-1", "UBUNTU-CVE-2016-20013", "UBUNTU-CVE-2025-0395", "UBUNTU-CVE-2025-15281", @@ -3345,10 +3345,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 7, "vulnerabilities": [ - "USN-8005-1", "USN-7259-1", "USN-7541-1", "USN-7760-1", + "USN-8005-1", "UBUNTU-CVE-2016-20013", "UBUNTU-CVE-2025-0395", "UBUNTU-CVE-2025-15281", @@ -3447,8 +3447,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -3470,8 +3470,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -3493,8 +3493,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -3516,8 +3516,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -4368,10 +4368,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 7, "vulnerabilities": [ - "USN-8005-1", "USN-7259-1", "USN-7541-1", "USN-7760-1", + "USN-8005-1", "UBUNTU-CVE-2016-20013", "UBUNTU-CVE-2025-0395", "UBUNTU-CVE-2025-15281", @@ -4396,10 +4396,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 7, "vulnerabilities": [ - "USN-8005-1", "USN-7259-1", "USN-7541-1", "USN-7760-1", + "USN-8005-1", "UBUNTU-CVE-2016-20013", "UBUNTU-CVE-2025-0395", "UBUNTU-CVE-2025-15281", @@ -4498,8 +4498,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -4521,8 +4521,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -4544,8 +4544,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", @@ -4567,8 +4567,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 4, "vulnerabilities": [ - "USN-7314-1", "USN-7257-1", + "USN-7314-1", "USN-7542-1", "UBUNTU-CVE-2018-5709", "UBUNTU-CVE-2024-26458", diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index c6fe16bf9ff..5a0157e1c9a 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -879,7 +879,7 @@ Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages Filtered 10 local/unscannable package/s from the scan. -Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 60 Medium, 5 Low, 29 Unknown) from 4 ecosystems. +Total 27 packages affected by 199 known vulnerabilities (22 Critical, 86 High, 63 Medium, 5 Low, 23 Unknown) from 4 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -946,8 +946,8 @@ Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 6 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | 6.7 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | 4.0 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1050,17 +1050,17 @@ Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 6 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | 8.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | 9.8 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | 10.0 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1086,12 +1086,12 @@ Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 6 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | 2.1 | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | -| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.5 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1112,7 +1112,7 @@ Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 6 | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 5.3 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ --- @@ -2124,7 +2124,7 @@ Filtered 8 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 59 Medium, 5 Low, 29 Unknown) from 4 ecosystems. +Total 27 packages affected by 193 known vulnerabilities (22 Critical, 81 High, 62 Medium, 5 Low, 23 Unknown) from 4 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -2183,8 +2183,8 @@ Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | 6.7 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | 4.0 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2287,17 +2287,17 @@ Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | 8.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | 9.8 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | 10.0 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2323,12 +2323,12 @@ Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | 2.1 | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | -| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.5 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2349,7 +2349,7 @@ Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 5 | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 5.3 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ --- @@ -2372,7 +2372,7 @@ Filtered 6 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 56 Medium, 5 Low, 29 Unknown) from 3 ecosystems. +Total 24 packages affected by 185 known vulnerabilities (20 Critical, 78 High, 59 Medium, 5 Low, 23 Unknown) from 3 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -2423,8 +2423,8 @@ Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | 6.7 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | 4.0 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2527,17 +2527,17 @@ Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | 8.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | 9.8 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | 10.0 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2563,12 +2563,12 @@ Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | 2.1 | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | -| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.5 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2589,7 +2589,7 @@ Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 5 | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 5.3 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ --- @@ -4648,7 +4648,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 29 Unknown) from 2 ecosystems. +Total 22 packages affected by 183 known vulnerabilities (19 Critical, 77 High, 59 Medium, 5 Low, 23 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4698,8 +4698,8 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | 6.7 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | 4.0 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4744,6 +4744,7 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6732 | 6.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4661-1 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4802,17 +4803,17 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | 8.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | 9.8 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | 10.0 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4838,12 +4839,12 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | 2.1 | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | -| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.5 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4864,7 +4865,7 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 5.3 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ --- @@ -4880,7 +4881,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 29 Unknown) from 2 ecosystems. +Total 22 packages affected by 183 known vulnerabilities (19 Critical, 77 High, 59 Medium, 5 Low, 23 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4930,8 +4931,8 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | 6.7 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | 4.0 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4976,6 +4977,7 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6732 | 6.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4661-1 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5034,17 +5036,17 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | 8.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | 9.8 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | 10.0 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5070,12 +5072,12 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | 2.1 | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | -| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.5 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5096,7 +5098,7 @@ Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 5.3 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ ---