
Data for SBOM Document ID: 37cbffcf-1bd3-4daf-86b7-77deb71575b7

Timestamp: 2023-10-19T14:56:41+00:00
Signature: unsigned
Tool:
  Vendor: aquasecurity
  Name: trivy
  Version: 0.46.0
Component:
  bom-ref: 361cc827-7e02-4dd7-bafb-6bf8b06dc38f
  Type: application
  Name: https://github.com/codenotary/immudb
  Properties:
    • aquasecurity:trivy:SchemaVersion: 2

OpenSSF Scorecard: 6.2 / 10
Total Components: 183

5.86 / 10

Vulnerability Severity Distribution

Total Vulnerabilities: 8
Critical: 1
High: 3
Medium: 4
Low: 0
None: 0

CVE-2023-37920
Severity: Critical

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certi...

CVE-2023-39325
Severity: High

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause exces...

CVE-2023-44487
Severity: High

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell...

CVE-2023-43804
Severity: High

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP h...

CVE-2022-39199
Severity: Medium

immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use serv...

CVE-2023-3978
Severity: Medium

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should b...

CVE-2022-36111
Severity: Medium

immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1,...

CVE-2023-45803
Severity: Medium

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HT...

Structural

Average: 7.5

# Description Score
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4 0.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 8.5

# Description Score
1 0/184 have supplier names 0.0
2 184/184 have names 10.0
3 174/184 have versions 9.5
4 184/184 have unique ID's 10.0
5 doc has 410 relationships 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2023-10-19T14:56:41+00:00 10.0

Semantic

Average: 3.3

# Description Score
1 Doc Fields:true Pkg Fields:true 10.0
2 0/184 have licenses 0.0
3 0/184 have checksums 0.0

Quality

Average: 4.2

# Description Score
1 0/184 components with valid license 0.0
2 184/184 components have primary purpose specified 10.0
3 no licenses found 0.0
4 no licenses found 0.0
5 174/184 components have any lookup id 9.5
6 0/184 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0

Sharing

Average: 0.0

# Description Score
1 doc has a sharable license free 0 :: of 0 0.0