Get Vulnerability Updates

Data for SBOM Document ID: e6545de4-81a1-43a5-b212-076a02b32dc5

OWASP depscan Vulnerability Scan Trivy Vulnerability Scan Grype Vulnerability Scan sbomqs SBOM Score
Download SBOM (original upload) Download Signed SBOM (original upload) Download SBOM (recent vulnerability scan)
Share by Email ? Get Badge URL ? Get Badge markdown code ?
Key Value
Timestamp 2023-09-06T08:55:46-04:00
Signature unsigned
Tool Vendor: anchore
Name: syft
Version: 0.54.0
Component bom-ref: af63bd4c8601b7f1
Type: file
Name: .
Total Components

977

SBOM Quality Score

6.14 / 10

Vulnerability Severity Distribution

EPSS Exploitability Score (lower is better)

Total Vulnerabilities

933

Critical

319

High

427

Medium

139

Low

48

None

0

GHSA-rfx6-vp9g-rh7v
Severity: Critical

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist ...

GHSA-7rjr-3q55-vv33
Severity: Critical

Incomplete fix for Apache Log4j vulnerability...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

GHSA-gjmw-vf9h-g25v
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-fjq5-5j5f-mvxh
Severity: Critical

Deserialization of Untrusted Data in Apache commons collections...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-6fpp-rgj9-8rwc
Severity: Critical

Deserialization of untrusted data in FasterXML jackson-databind...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-fmmc-742q-jg75
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-rfx6-vp9g-rh7v
Severity: Critical

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist ...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-fmmc-742q-jg75
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

Structural

Average: 10.0

# Description Score Score Progress
1 provided sbom is in a supported sbom format of spdx,cyclonedx 10.0
2 provided sbom should be in supported spec version for spec:1.4 and versions: 1.0,1.1,1.2,1.3,1.4 10.0
3 provided sbom should be in supported file format for spec: json and version: json,xml 10.0
4 provided sbom is parsable 10.0

NTIA-minimum-elements

Average: 6.5

# Description Score Score Progress
1 0/978 have supplier names 0.0
2 978/978 have names 10.0
3 508/978 have versions 5.2
4 978/978 have unique ID's 10.0
5 doc has 0 relationships 0.0
6 doc has 1 authors 10.0
7 doc has creation timestamp 2023-09-06T08:55:46-04:00 10.0

Semantic

Average: 3.3

# Description Score Score Progress
1 Doc Fields:true Pkg Fields:true 10.0
2 0/978 have licenses 0.0
3 0/978 have checksums 0.0

Quality

Average: 5.7

# Description Score Score Progress
1 0/978 components with valid license 0.0
2 978/978 components have primary purpose specified 10.0
3 no licenses found 0.0
4 no licenses found 0.0
5 976/978 components have any lookup id 10.0
6 967/978 components have multiple lookup id 9.9
7 1/1 tools have creator and version 10.0

Sharing

Average: 0.0

# Description Score Score Progress
1 doc has a sharable license free 0 :: of 0 0.0