Data for SBOM Document ID: 78389675-0358-46e5-81c7-04186dbfb8a8

Timestamp: 2023-09-06T12:49:53+00:00
Signature: unsigned
Tool:
  Vendor: aquasecurity
  Name: trivy
  Version: 0.45.0
Component:
  bom-ref: 63d1f6b4-abd7-4a33-aaaa-8a9d3eb1c6f8
  Type: application
  Name: .
  Properties:
    • aquasecurity:trivy:SchemaVersion: 2

Total Components: 1209

7.69 / 10

Vulnerability Severity Distribution

Total Vulnerabilities: 103
Critical: 9
High: 50
Medium: 40
Low: 4
None: 0

CVE-2024-1597
Severity: Critical

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. N...

CVE-2024-53990
Severity: Critical

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async...

CVE-2022-26612
Severity: Critical

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar ut...

CVE-2023-7272
Severity: Critical

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow...

CVE-2019-10202
Severity: Critical

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EA...

CVE-2023-44981
Severity: Critical

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum P...

CVE-2024-45337
Severity: Critical

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptib...

CVE-2024-47561
Severity: Critical

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to exec...

CVE-2022-46337
Severity: Critical

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby in...

CVE-2023-32732
Severity: High

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2...

CVE-2023-43642
Severity: High

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Th...

CVE-2018-11798
Severity: High

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to...

CVE-2024-21634
Severity: High

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d...

CVE-2020-13949
Severity: High

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result...

CVE-2024-24786
Severity: High

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...

Structural

Average: 10.0

| # | Description | Score |
|---|---|---|
| 1 | provided sbom is in a supported sbom format of spdx,cyclonedx | 10.0 |
| 2 | provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 | 10.0 |
| 3 | provided sbom should be in supported file format for spec: json and version: json,xml | 10.0 |
| 4 | provided sbom is parsable | 10.0 |

NTIA-minimum-elements

Average: 8.4

| # | Description | Score |
|---|---|---|
| 1 | 0/1210 have supplier names | 0.0 |
| 2 | 1210/1210 have names | 10.0 |
| 3 | 1073/1210 have versions | 8.9 |
| 4 | 1210/1210 have unique ID's | 10.0 |
| 5 | doc has 136 dependencies | 10.0 |
| 6 | doc has 1 authors | 10.0 |
| 7 | doc has creation timestamp 2023-09-06T12:49:53+00:00 | 10.0 |

Semantic

Average: 5.9

| # | Description | Score |
|---|---|---|
| 1 | Doc Fields:true Pkg Fields:true | 10.0 |
| 2 | 923/1210 have licenses | 7.6 |
| 3 | 0/1210 have checksums | 0.0 |

Quality

Average: 7.5

| # | Description | Score |
|---|---|---|
| 1 | 191/1210 components with valid license | 1.5 |
| 2 | 1210/1210 components have primary purpose specified | 10.0 |
| 3 | 1/1210 components have deprecated licenses | 10.0 |
| 4 | 0/1210 components have restricted licenses | 10.0 |
| 5 | 1073/1210 components have any lookup id | 8.9 |
| 6 | 0/1210 components have multiple lookup id | 0.0 |
| 7 | 1/1 tools have creator and version | 10.0 |
| 8 | primary component found | 10.0 |

Sharing

Average: 0.0

| # | Description | Score |
|---|---|---|
| 1 | doc has a sharable license free 0 :: of 0 | 0.0 |