{"id":46,"vulnerabilities":[{"id":"CVE-2024-48958","package":"libarchive","score":"7.8","severity":"high","suppressed":null,"published":"2024-10-10T02:15:03.057000Z","modified":"2025-11-03T21:16:31.263000Z","commentary":null},{"id":"CVE-2024-48957","package":"libarchive","score":"7.8","severity":"high","suppressed":null,"published":"2024-10-10T02:15:02.990000Z","modified":"2025-09-29T21:35:07.130000Z","commentary":null},{"id":"CVE-2024-9143","package":"openssl","score":"4.3","severity":"medium","suppressed":null,"published":"2024-10-16T17:15:18.130000Z","modified":"2025-11-03T23:17:33.460000Z","commentary":null},{"id":"GHSA-vx24-x4mv-vwr5","package":"starship","score":"7.4","severity":"high","suppressed":null,"published":"2024-07-26T21:24:18Z","modified":null,"commentary":null},{"id":"CVE-2024-22121","package":"zabbix-agent2","score":"6.1","severity":"medium","suppressed":"Exception: This result is a false positive; the vulnerability is only present on the .msi installer package for Windows.","published":"2024-08-12T13:38:16.070000Z","modified":"2024-12-10T16:19:19.810000Z","commentary":null},{"id":"CVE-2024-7246","package":"grpc","score":"6.3","severity":"medium","suppressed":null,"published":"2024-08-06T11:16:07.587000Z","modified":"2025-07-22T19:29:58.023000Z","commentary":null},{"id":"CVE-2024-6119","package":"openssl","score":"7.5","severity":"high","suppressed":null,"published":"2024-09-03T16:15:07Z","modified":"2025-06-03T10:51:54.117000Z","commentary":"Reduced severity: Bowtie considers the risk for this vulnerability reduced and will address it alongside normal upstream release cadence."},{"id":"OSV-2024-919","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-08-16T00:09:34.461792Z","modified":"2025-03-06T14:20:56.754046Z","commentary":null},{"id":"OSV-2024-831","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-08-16T00:03:12.871175Z","modified":"2025-03-07T14:24:40.166702Z","commentary":null},{"id":"OSV-2024-440","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-05-07T00:06:11.033336Z","modified":"2026-03-23T14:25:50.543622Z","commentary":null},{"id":"OSV-2024-396","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-05-01T00:11:24.552935Z","modified":"2026-03-23T14:25:38.048801Z","commentary":null},{"id":"OSV-2024-395","package":"libpcap","score":null,"severity":"medium","suppressed":null,"published":"2024-05-01T00:04:54.392345Z","modified":"2026-03-23T14:26:07.845400Z","commentary":null},{"id":"OSV-2024-371","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-04-30T00:08:27.982063Z","modified":"2025-05-18T14:24:27.459047Z","commentary":null},{"id":"OSV-2024-330","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2024-04-30T00:00:31.577722Z","modified":"2024-05-27T14:01:02.168724Z","commentary":null},{"id":"CVE-2023-42366","package":"busybox","score":"5.5","severity":"medium","suppressed":null,"published":"2023-11-27T23:15:07.420000Z","modified":"2024-12-06T14:15:19.530000Z","commentary":null},{"id":"CVE-2023-42365","package":"busybox","score":"5.5","severity":"medium","suppressed":null,"published":"2023-11-27T23:15:07.373000Z","modified":"2025-11-03T21:16:01.393000Z","commentary":null},{"id":"CVE-2023-42364","package":"busybox","score":"5.5","severity":"medium","suppressed":null,"published":"2023-11-27T23:15:07.313000Z","modified":"2025-11-03T21:16:01.170000Z","commentary":null},{"id":"CVE-2023-42363","package":"busybox","score":"5.5","severity":"medium","suppressed":null,"published":"2023-11-27T22:15:07.940000Z","modified":"2024-11-21T08:22:28.403000Z","commentary":null},{"id":"CVE-2023-34111","package":"grafana","score":"9.8","severity":"critical","suppressed":"Exception: Controllers do not use the TaosData Grafana plugin.","published":"2023-06-06T17:15:15.210000Z","modified":"2024-11-21T08:06:34.313000Z","commentary":null},{"id":"CVE-2023-7216","package":"cpio","score":"5.3","severity":"medium","suppressed":null,"published":"2024-02-05T15:15:08.903000Z","modified":"2026-02-25T19:29:28.290000Z","commentary":null},{"id":"CVE-2023-6992","package":"zlib","score":"5.5","severity":"medium","suppressed":"Exception: This result is a false positive; the vulnerable version of zlib is a Cloudflare-specific package and not the upstream zlib package.","published":"2024-01-04T12:15:23.690000Z","modified":"2024-11-21T08:44:59.467000Z","commentary":null},{"id":"CVE-2023-4039","package":"gcc","score":"4.8","severity":"medium","suppressed":"Exception: This vulnerability applies to aarch64 systems only; Controllers currently only target x86-64 systems.","published":"2023-09-13T09:15:15.690000Z","modified":"2025-02-13T17:17:14.717000Z","commentary":null},{"id":"OSV-2023-1344","package":"jq","score":null,"severity":"medium","suppressed":null,"published":"2023-12-22T00:11:40.065456Z","modified":"2025-03-05T14:16:07.938645Z","commentary":null},{"id":"OSV-2023-1329","package":"jq","score":null,"severity":"high","suppressed":null,"published":"2023-12-18T00:13:42.545765Z","modified":"2025-02-17T14:14:20.492923Z","commentary":null},{"id":"OSV-2023-1307","package":"libbpf","score":null,"severity":"medium","suppressed":null,"published":"2023-12-15T00:12:51.528155Z","modified":"2026-03-23T14:21:09.052079Z","commentary":null},{"id":"OSV-2023-877","package":"libbpf","score":null,"severity":"medium","suppressed":null,"published":"2023-09-18T14:02:44.989260Z","modified":"2026-03-23T14:22:29.233253Z","commentary":null},{"id":"OSV-2023-505","package":"file","score":null,"severity":"high","suppressed":null,"published":"2023-06-22T14:02:20.855256Z","modified":"2023-08-01T14:06:27.325503Z","commentary":null},{"id":"OSV-2023-197","package":"p11-kit","score":null,"severity":null,"suppressed":null,"published":"2023-03-18T13:00:57.254906Z","modified":"2026-03-23T14:20:42.465411Z","commentary":null},{"id":"CVE-2022-48468","package":"protobuf-c","score":"5.5","severity":"medium","suppressed":"Exception: False positive; the version of protobuf-c used in Controller dependencies and compilation exceeds the patched revision for this vulnerability.","published":"2023-04-13T21:15:07.077000Z","modified":"2025-02-07T17:15:23.127000Z","commentary":null},{"id":"CVE-2022-42012","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: False positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09.627000Z","modified":"2025-06-09T15:15:28.623000Z","commentary":null},{"id":"CVE-2022-42011","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: False positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09.573000Z","modified":"2025-06-09T15:15:28.073000Z","commentary":null},{"id":"CVE-2022-42010","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: False positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09Z","modified":"2025-06-09T15:15:27.810000Z","commentary":null},{"id":"CVE-2022-38663","package":"git","score":"6.5","severity":"medium","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-08-23T17:15:15.257000Z","modified":"2024-11-21T07:16:53.420000Z","commentary":null},{"id":"CVE-2022-36884","package":"git","score":"5.3","severity":"medium","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08.933000Z","modified":"2024-11-21T07:13:59.117000Z","commentary":null},{"id":"CVE-2022-36883","package":"git","score":"7.5","severity":"high","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08.880000Z","modified":"2024-11-21T07:13:58.903000Z","commentary":null},{"id":"CVE-2022-36882","package":"git","score":"8.8","severity":"high","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08.827000Z","modified":"2024-11-21T07:13:58.690000Z","commentary":null},{"id":"CVE-2022-30947","package":"git","score":"7.5","severity":"high","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-05-17T15:15:08.797000Z","modified":"2024-11-21T07:03:36.643000Z","commentary":null},{"id":"MAL-2022-4301","package":"libidn2","score":null,"severity":null,"suppressed":"Exception: This result is a false positive; the indicated package is an npm package and not the generic Linux library.","published":null,"modified":null,"commentary":null},{"id":"CVE-2022-3219","package":"gnupg","score":"3.3","severity":"low","suppressed":null,"published":"2023-02-23T20:15:12.393000Z","modified":"2025-03-12T21:15:38.207000Z","commentary":null},{"id":"GHSA-rjvj-673q-4hfw","package":"traceroute","score":null,"severity":"critical","suppressed":"Exception: This result is a false positive; the indicated vulnerability only applies to the npm package, not the generic Linux utility.","published":"2020-09-04T17:54:31Z","modified":null,"commentary":null},{"id":"CVE-2021-21684","package":"git","score":"6.1","severity":"medium","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2021-10-06T23:15:06.977000Z","modified":"2024-11-21T05:48:49.770000Z","commentary":null},{"id":"OSV-2021-777","package":"libxml2","score":null,"severity":"high","suppressed":null,"published":"2021-05-20T00:00:30.166614Z","modified":"2026-03-23T14:19:15.652514Z","commentary":null},{"id":"CVE-2020-2136","package":"git","score":"5.4","severity":"medium","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2020-03-09T16:15:12.797000Z","modified":"2024-11-21T05:24:45.417000Z","commentary":null},{"id":"CVE-2019-1003010","package":"git","score":"4.3","severity":"medium","suppressed":"Exception: This scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2019-02-06T16:29:00.563000Z","modified":"2024-11-21T04:17:44.057000Z","commentary":null},{"id":"CVE-2019-20633","package":"patch","score":"5.5","severity":"medium","suppressed":null,"published":"2020-03-25T17:15:14.013000Z","modified":"2024-11-21T04:38:55.590000Z","commentary":null},{"id":"CVE-2019-14900","package":"fuse","score":"6.5","severity":"medium","suppressed":"Exception: This result is a false positive; Controllers do not run Hibernate ORM.","published":"2020-07-06T19:15:12.230000Z","modified":"2024-11-21T04:27:38.783000Z","commentary":null},{"id":"CVE-2019-14860","package":"fuse","score":"6.5","severity":"medium","suppressed":"Exception: This result is a false positive; Controllers do not run Syndesis.","published":"2019-11-08T15:15:11.673000Z","modified":"2024-11-21T04:27:31.077000Z","commentary":null},{"id":"CVE-2019-12749","package":"dbus","score":"7.1","severity":"high","suppressed":"Exception: False positive; Controllers run a version of dbus not subject to this vulnerability.","published":"2019-06-11T17:29:00Z","modified":"2026-02-13T20:16:12.897000Z","commentary":null},{"id":"CVE-2019-6470","package":"bind","score":"7.5","severity":"high","suppressed":"Exception: Controller DHCP functionality is provided via systemd-networkd and so are not subject to vulnerabilities in dhcpcd.","published":"2019-11-01T23:15:10.510000Z","modified":"2025-04-11T14:55:14.483000Z","commentary":null},{"id":"CVE-2016-2781","package":"coreutils","score":"4.6","severity":"medium","suppressed":null,"published":"2017-02-07T15:59:00.333000Z","modified":"2025-06-09T16:15:25.013000Z","commentary":null},{"id":"CVE-2013-4577","package":"grub","score":"2.1","severity":null,"suppressed":"Exception: False positive; this is a Debian-specific vulnerability applicable only to Debian-based systems.","published":"2014-05-12T14:55:05.023000Z","modified":"2025-04-12T10:46:40.837000Z","commentary":null},{"id":"CVE-2010-4226","package":"cpio","score":"7.2","severity":"high","suppressed":"Exception: False positive; this vulnerability only applies to systems that use RPM packaging, which Controllers do not.","published":"2014-02-06T17:00:03.167000Z","modified":"2025-06-09T15:15:22.147000Z","commentary":null},{"id":"BIT-rclone-2024-52522","package":"rclone","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2024-41815","package":"starship","score":"7.0","severity":"high","suppressed":null,"published":"2024-07-26T21:15:14.370000Z","modified":"2024-11-21T09:33:07.663000Z","commentary":null},{"id":"CVE-2024-8006","package":"libpcap","score":"4.4","severity":"medium","suppressed":null,"published":"2024-08-31T00:15:05.743000Z","modified":"2024-09-19T17:46:03.447000Z","commentary":null},{"id":"CVE-2023-7256","package":"libpcap","score":"4.4","severity":"medium","suppressed":null,"published":"2024-08-31T00:15:05.240000Z","modified":"2024-09-19T17:53:15.207000Z","commentary":null},{"id":"CVE-2024-10041","package":"linux-pam","score":"4.7","severity":"medium","suppressed":null,"published":"2024-10-23T14:15:03.970000Z","modified":"2024-12-18T10:15:05.850000Z","commentary":null},{"id":"BIT-grafana-2024-8118","package":"grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null}],"created":"2024-09-13T00:17:33.711366Z","next_scan":null,"scanned":"2024-11-27T00:24:46.865904Z","package":8672,"has_cdx":true,"has_spdx":true,"scanning":false,"queued":false}