36 lines (32 loc) · 1.32 KB
.trivyignore
# Accept these; revisit as needed
# In bioformats_package.jar: this shouldn't be an issue because of how XML is
# used and because we don't pass URLs to bioformats
# The Python issue can only be reached if a developer installs an unsafe
# tarball via setuptools; it has no direct exposure
# The Ubuntu issues cannot be reached
# HIGH: jar - okhttp: information disclosure via improperly used cryptographic
CVE-2021-0341
# HIGH: jar - apache-commons-io: Possible denial of service attack on untrusted
CVE-2024-47554
# HIGH: jar - com.fasterxml.jackson.core/jackson-core: jackson-core Potential S
CVE-2025-52999
# HIGH: jar - aircompressor Snappy and LZ4 Java-based decompressor implementati
CVE-2025-67721
# HIGH: jar - jackson-core: Number Length Constraint Bypass in Async Parser Lea
GHSA-72hv-8253-57qq
# HIGH: node-pkg - minimatch: minimatch: Denial of Service due to unbounded rec
CVE-2026-27903
# HIGH: node-pkg - minimatch: Minimatch: Denial of Service via catastrophic bac
CVE-2026-27904
# HIGH: ubuntu - kernel: Kernel: Privilege escalation or denial of service in n
CVE-2026-23111
# HIGH
CVE-2025-68121
# HIGH
CVE-2026-25679
# HIGH: ubuntu - kernel: kernel: Privilege escalation or denial of service via
CVE-2026-23231
# HIGH: node-pkg - picomatch: Picomatch: Regular Expression Denial of Service v
CVE-2026-33671
# HIGH
CVE-2026-23112