Get Vulnerability Updates

Data for SBOM Document ID: ca757970-7319-42b0-8475-ea87a3ae7fe4

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2024-05-07T16:44:48+00:00
Signature unsigned
Tool Vendor: aquasecurity
Name: trivy
Version: 0.50.4
Component bom-ref: b6c02c34-cb18-4c75-984c-a02c7f515d68
Type: application
Name: https://github.com/apache/pulsar
Properties:
  • aquasecurity:trivy:SchemaVersion: 2

OpenSSF Scorecard: 6.1 / 10
Total Components

4831

SBOM Quality Score

7.75 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

42

Critical

6

High

15

Medium

21

Low

0

None

0

GHSA-24rp-q3w6-vc56
Severity: Critical

org.postgresql:postgresql vulnerable to SQL Injection via line comment generation...

GHSA-gx2c-fvhc-ph4j
Severity: Critical

Path traversal in Hadoop...

GHSA-c27h-mcmw-48hv
Severity: Critical

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl...

GHSA-rcjc-c4pj-xxrp
Severity: Critical

Apache Derby: LDAP injection vulnerability in authenticator...

GHSA-c9hw-wf7x-jp9j
Severity: Critical

Improper Privilege Management in Tomcat...

GHSA-24rp-q3w6-vc56
Severity: Critical

org.postgresql:postgresql vulnerable to SQL Injection via line comment generation...

GHSA-cfgp-2977-2fmm
Severity: High

Connection confusion in gRPC...

GHSA-xjhv-p3fv-x24r
Severity: High

In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that ...

GHSA-493p-pfq6-5258
Severity: High

json-smart Uncontrolled Recursion vulnerabilty...

GHSA-q24v-hpg3-v3jp
Severity: High

Reactor Netty HTTP Server denial of service vulnerability...

GHSA-p22x-g9px-3945
Severity: High

Apache Tomcat may reject request containing invalid Content-Length header...

GHSA-3vqj-43w4-2q58
Severity: High

json stack overflow vulnerability...

GHSA-r6j9-8759-g62w
Severity: High

Improper Restriction of XML External Entity Reference in jackson-mapper-asl...

GHSA-c24f-2j3g-rg48
Severity: High

kaml has potential denial of service while parsing input with anchors and aliases ...

GHSA-9xcj-c8cr-8c3c
Severity: High

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could p...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 8.5

# Description Score Score Progress
1 0/4832 have supplier names 0.0
2 4832/4832 have names 10.0
3 4695/4832 have versions 9.7
4 4832/4832 have unique ID's 10.0
5 doc has 3845 relationships 10.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2024-05-07T16:44:48+00:00 10.0

Semantic

Average: 6.3

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 4332/4832 have licenses 9.0
3 0/4832 have checksums 0.0

Quality

Average: 7.5

# Description Score Score Progress
1 662/4832 components with valid license 1.0
2 4832/4832 components have primary purpose specified 10.0
3 1/4832 components have deprecated licenses 10.0
4 530/4832 components have restricted licenses 8.9
5 4695/4832 components have any lookup id 9.7
6 0/4832 components have multiple lookup id 0.0
7 1/1 tools have creator and version 10.0
8 primary component found 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0