
Data for SBOM Document ID: ca757970-7319-42b0-8475-ea87a3ae7fe4

Key          Value
Timestamp    2024-05-07T16:44:48+00:00
Signature    unsigned
Tool         Vendor: aquasecurity
             Name: trivy
             Version: 0.50.4
Component    bom-ref: b6c02c34-cb18-4c75-984c-a02c7f515d68
             Type: application
             Name: https://github.com/apache/pulsar
Properties   • aquasecurity:trivy:SchemaVersion: 2

OpenSSF Scorecard: 6.1 / 10
Total Components: 4831

7.75 / 10

Vulnerability Severity Distribution

Severity    Count
Total       42
Critical    6
High        15
Medium      21
Low         0
None        0

Advisory               Severity   Summary
GHSA-24rp-q3w6-vc56    Critical   org.postgresql:postgresql vulnerable to SQL Injection via line comment generation...
GHSA-gx2c-fvhc-ph4j    Critical   Path traversal in Hadoop...
GHSA-c27h-mcmw-48hv    Critical   Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl...
GHSA-rcjc-c4pj-xxrp    Critical   Apache Derby: LDAP injection vulnerability in authenticator...
GHSA-c9hw-wf7x-jp9j    Critical   Improper Privilege Management in Tomcat...
GHSA-24rp-q3w6-vc56    Critical   org.postgresql:postgresql vulnerable to SQL Injection via line comment generation...
GHSA-cfgp-2977-2fmm    High       Connection confusion in gRPC...
GHSA-xjhv-p3fv-x24r    High       In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that ...
GHSA-493p-pfq6-5258    High       json-smart Uncontrolled Recursion vulnerability...
GHSA-q24v-hpg3-v3jp    High       Reactor Netty HTTP Server denial of service vulnerability...
GHSA-p22x-g9px-3945    High       Apache Tomcat may reject request containing invalid Content-Length header...
GHSA-3vqj-43w4-2q58    High       json stack overflow vulnerability...
GHSA-r6j9-8759-g62w    High       Improper Restriction of XML External Entity Reference in jackson-mapper-asl...
GHSA-c24f-2j3g-rg48    High       kaml has potential denial of service while parsing input with anchors and aliases ...
GHSA-9xcj-c8cr-8c3c    High       In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could p...

Structural

Average: 10.0

#   Description                                                                                            Score
1   provided sbom is in a supported sbom format of spdx,cyclonedx                                          10.0
2   provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5   10.0
3   provided sbom should be in supported file format for spec: json and version: json,xml                  10.0
4   provided sbom is parsable                                                                              10.0

NTIA-minimum-elements

Average: 8.5

#   Description                                               Score
1   0/4832 have supplier names                                0.0
2   4832/4832 have names                                      10.0
3   4695/4832 have versions                                   9.7
4   4832/4832 have unique IDs                                 10.0
5   doc has 3845 relationships                                10.0
6   doc has 1 authors                                         10.0
7   doc has creation timestamp 2024-05-07T16:44:48+00:00      10.0

Semantic

Average: 6.3

#   Description                          Score
1   Doc Fields:true Pkg Fields:true      10.0
2   4332/4832 have licenses              9.0
3   0/4832 have checksums                0.0

Quality

Average: 7.5

#   Description                                              Score
1   662/4832 components with valid license                   1.0
2   4832/4832 components have primary purpose specified      10.0
3   1/4832 components have deprecated licenses               10.0
4   530/4832 components have restricted licenses             8.9
5   4695/4832 components have any lookup id                  9.7
6   0/4832 components have multiple lookup id                0.0
7   1/1 tools have creator and version                       10.0
8   primary component found                                  10.0

Sharing

Average: 0.0

#   Description                                          Score
1   doc has a sharable license free 0 :: of 0            0.0