{"scanned":"2026-03-14T04:55:45.772297Z","package":5401,"vulnerabilities":[{"id":"BIT-grafana-2026-21725","package":"pkg:bitnami/grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-1365","package":"elfutils","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2022-42012","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: false positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09Z","modified":"2025-06-09T15:15:28.623000Z","commentary":null},{"id":"CVE-2025-5702","package":"glibc","score":"5.6","severity":"medium","suppressed":null,"published":"2025-06-05T19:15:31.073000Z","modified":"2025-10-01T15:37:50.070000Z","commentary":null},{"id":"CVE-2014-9278","package":"openssh","score":"4.0","severity":null,"suppressed":"Exception: false positive; this is a Red Hat/Fedora specific vulnerability","published":"2014-12-06T15:59:07Z","modified":"2025-04-12T10:46:40Z","commentary":null},{"id":"GHSA-rjvj-673q-4hfw","package":"traceroute","score":null,"severity":"critical","suppressed":"Exception: this result is a false positive; the indicated vulnerability only applies to the npm package, not the generic Linux utility.","published":"2020-09-04T17:54:31Z","modified":null,"commentary":null},{"id":"GHSA-2qfp-q593-8484","package":"brotli","score":null,"severity":null,"suppressed":"Exception: false positive; this vulnerability refers to the python package, not the library","published":null,"modified":null,"commentary":null},{"id":"CVE-2022-30947","package":"git","score":"7.5","severity":"high","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-05-17T15:15:08Z","modified":"2024-11-21T07:03:36.643000Z","commentary":null},{"id":"MAL-2025-191532","package":"pkg:npm/yq-go","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"OSV-2024-817","package":"libpcap","score":null,"severity":"medium","suppressed":null,"published":"2024-08-16T00:02:39.185747Z","modified":"2025-01-08T14:19:40.985698Z","commentary":null},{"id":"CVE-2008-3844","package":"openssh","score":"9.3","severity":null,"suppressed":"Exception: false positive; this vulnerability only applies to Red Hat distributions","published":"2008-08-27T20:41:00Z","modified":"2025-04-09T00:30:58Z","commentary":null},{"id":"CVE-2023-44487","package":"contour","score":"7.5","severity":"high","suppressed":"Exception: false positive; Controllers ship contour .terminfo files, not the contour kubernetes software","published":"2023-10-10T14:15:10Z","modified":"2025-10-21T23:16:11.797000Z","commentary":null},{"id":"CVE-2022-38663","package":"git","score":"6.5","severity":"medium","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-08-23T17:15:15Z","modified":"2024-11-21T07:16:53.420000Z","commentary":null},{"id":"CVE-2016-2781","package":"coreutils","score":"4.6","severity":"medium","suppressed":null,"published":"2017-02-07T15:59:00.333000Z","modified":"2025-06-09T16:15:25.013000Z","commentary":null},{"id":"CVE-2024-21485","package":"dash","score":"5.4","severity":"medium","suppressed":null,"published":"2024-02-02T05:15:09.510000Z","modified":"2025-05-15T20:15:42.327000Z","commentary":null},{"id":"CVE-2007-2768","package":"openssh","score":"4.3","severity":null,"suppressed":null,"published":"2007-05-21T20:30:00Z","modified":"2025-04-09T00:30:58.490000Z","commentary":null},{"id":"MAL-2025-25227","package":"libbsd","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-8224","package":"binutils","score":"4.8","severity":"medium","suppressed":null,"published":"2025-07-27T06:15:26.947000Z","modified":"2025-08-01T17:08:29.620000Z","commentary":null},{"id":"CVE-2025-62689","package":"libmicrohttpd","score":"7.5","severity":null,"suppressed":"Exception: false positive, Controllers do not compile libmicrohttpd with --enable-experimental","published":null,"modified":null,"commentary":null},{"id":"OSV-2024-395","package":"libpcap","score":null,"severity":"medium","suppressed":null,"published":"2024-05-01T00:04:54.392345Z","modified":"2024-08-31T14:18:45.876646Z","commentary":null},{"id":"CVE-2023-6992","package":"zlib","score":"5.5","severity":"medium","suppressed":"Exception: this result is a false positive; the vulnerable version of zlib is a Cloudflare-specific package and not the upstream zlib package.","published":"2024-01-04T12:15:23Z","modified":"2024-11-21T08:44:59.467000Z","commentary":null},{"id":"CVE-2025-49796","package":"libxml2","score":"9.1","severity":"critical","suppressed":"Exception: upstream indicates this vulnerability is inapplicable (see: https://gitlab.gnome.org/GNOME/libxml2/-/issues/933#note_2514713)","published":"2025-06-16T16:15:19Z","modified":"2025-10-22T07:15:34.360000Z","commentary":null},{"id":"CVE-2024-6174","package":"cloud-init","score":"8.8","severity":"high","suppressed":"Exception: false positive; Controllers are only provided for the x86-64 platform","published":"2025-06-26T00:00:00Z","modified":"2025-08-26T20:48:56.763000Z","commentary":null},{"id":"CVE-2023-22834","package":"contour","score":"4.3","severity":"medium","suppressed":"Exception: false positive; Controllers ship contour .terminfo files, not the contour kubernetes software","published":"2023-06-27T00:15:09Z","modified":"2024-11-21T07:45:29.317000Z","commentary":null},{"id":"CVE-2021-21684","package":"git","score":"6.1","severity":"medium","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2021-10-06T23:15:06Z","modified":"2024-11-21T05:48:49.770000Z","commentary":null},{"id":"CVE-2025-29481","package":"libbpf","score":"6.2","severity":"medium","suppressed":null,"published":"2025-04-07T20:15:20.720000Z","modified":"2025-04-15T15:42:59.650000Z","commentary":null},{"id":"CVE-2022-3219","package":"gnupg","score":"3.3","severity":"low","suppressed":null,"published":"2023-02-23T20:15:12.393000Z","modified":"2025-03-12T21:15:38.207000Z","commentary":null},{"id":"GHSA-72fg-jqhx-c68p","package":"st","score":"6.1","severity":"medium","suppressed":"Exception: false positive; the `st` package does not run on controllers","published":"2018-08-06T21:33:31Z","modified":null,"commentary":null},{"id":"BIT-grafana-2025-41115","package":"pkg:bitnami/grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2024-25003","package":"kitty","score":"7.8","severity":"high","suppressed":"Exception: false positive; Controllers only ship kitty .terminfo files, not the entire program","published":"2024-02-09T07:16:00Z","modified":"2025-05-08T19:16:00.100000Z","commentary":null},{"id":"CVE-2024-56406","package":"perl","score":"8.4","severity":"high","suppressed":"Exception: false positive; patched in upstream nixpkgs","published":"2025-04-13T14:15:14Z","modified":"2025-10-16T14:15:34.083000Z","commentary":null},{"id":"GHSA-547x-748v-vp6p","package":"dash-core-components","score":"6.5","severity":"medium","suppressed":null,"published":"2024-02-02T06:30:31Z","modified":null,"commentary":null},{"id":"CVE-2025-46394","package":"busybox","score":"3.3","severity":"low","suppressed":null,"published":"2025-04-23T16:15:48.713000Z","modified":"2025-09-24T14:38:22.127000Z","commentary":null},{"id":"CVE-2025-6052","package":"glib","score":"7.5","severity":"high","suppressed":"Exception: false positive; fix has been backported to version 2.84.3","published":"2025-06-13T16:15:28Z","modified":"2025-08-20T17:27:24.260000Z","commentary":null},{"id":"CVE-2024-11584","package":"cloud-init","score":"5.3","severity":"medium","suppressed":null,"published":"2025-06-26T10:15:24.703000Z","modified":"2025-09-05T15:20:25.690000Z","commentary":null},{"id":"CVE-2023-48795","package":"kitty","score":"5.9","severity":"medium","suppressed":null,"published":"2023-12-18T16:15:10.897000Z","modified":"2025-09-29T21:56:10.567000Z","commentary":null},{"id":"OSV-2023-1307","package":"libbpf","score":null,"severity":"medium","suppressed":null,"published":"2023-12-15T00:12:51.528155Z","modified":"2025-09-25T14:24:50.411130Z","commentary":null},{"id":"MAL-2022-4301","package":"libidn2","score":null,"severity":null,"suppressed":"Exception: this result is a false positive; the indicated package is an npm package and not the generic Linux library.","published":null,"modified":null,"commentary":null},{"id":"CVE-2021-32783","package":"contour","score":"8.5","severity":"high","suppressed":"Exception: false positive; Controllers ship contour .terminfo files, not the contour kubernetes software","published":"2021-07-23T22:15:08Z","modified":"2024-11-21T06:07:43.930000Z","commentary":null},{"id":"CVE-2024-58251","package":"busybox","score":"2.5","severity":"low","suppressed":null,"published":"2025-04-23T18:16:03.057000Z","modified":"2025-04-29T13:52:47.470000Z","commentary":null},{"id":"GHSA-8rc5-mr4f-m243","package":"rio","score":"9.8","severity":"critical","suppressed":"Exception: false positive: the `rio` rate is not used on Controllers","published":"2021-08-25T20:46:57Z","modified":null,"commentary":null},{"id":"CVE-2025-3198","package":"binutils","score":"4.8","severity":"medium","suppressed":null,"published":"2025-04-04T02:15:18.803000Z","modified":"2025-05-15T19:46:30.950000Z","commentary":null},{"id":"CVE-2025-8225","package":"binutils","score":"4.8","severity":"medium","suppressed":null,"published":"2025-07-27T08:15:25.760000Z","modified":"2025-08-01T17:08:13.977000Z","commentary":null},{"id":"CVE-2025-1372","package":"elfutils","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"RUSTSEC-2020-0021","package":"rio","score":null,"severity":null,"suppressed":"Exception: false positive: the `rio` crate is unused on Controllers","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-49133","package":"libtpms","score":"5.5","severity":"medium","suppressed":null,"published":"2025-06-10T20:15:24.337000Z","modified":"2025-10-01T15:11:08.527000Z","commentary":null},{"id":"CVE-2025-5745","package":"glibc","score":"5.6","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-1153","package":"binutils","score":"2.3","severity":"low","suppressed":null,"published":"2025-02-10T19:15:39.900000Z","modified":"2025-04-04T23:15:42.230000Z","commentary":null},{"id":"CVE-2023-51767","package":"openssh","score":"7.0","severity":"high","suppressed":"Exception: dismissed by upstream","published":"2023-12-24T07:15:07Z","modified":"2025-09-22T17:16:06Z","commentary":null},{"id":"RUSTSEC-2025-0121","package":"pkg:cargo/gcc","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2023-4039","package":"gcc","score":"4.8","severity":"medium","suppressed":"Exception: this vulnerability applies to aarch64 systems only; Controllers currently only target x86-64 systems.","published":"2023-09-13T09:15:15Z","modified":"2025-02-13T17:17:14.717000Z","commentary":null},{"id":"CVE-2013-4577","package":"grub","score":"2.1","severity":null,"suppressed":"Exception: false positive; this is a Debian-specific vulnerability applicable only to Debian-based systems.","published":"2014-05-12T14:55:05Z","modified":"2025-04-12T10:46:40.837000Z","commentary":null},{"id":"MAL-2022-6425","package":"tbb","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"OSV-2023-877","package":"libbpf","score":null,"severity":"medium","suppressed":null,"published":"2023-09-18T14:02:44.989260Z","modified":"2025-09-25T14:27:18.692926Z","commentary":null},{"id":"CVE-2024-25004","package":"kitty","score":"7.8","severity":"high","suppressed":"Exception: false positive; Controllers only ship kitty .terminfo files, not the entire program","published":"2024-02-09T07:16:00Z","modified":"2025-05-15T20:15:48.197000Z","commentary":null},{"id":"CVE-2022-36884","package":"git","score":"5.3","severity":"medium","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08Z","modified":"2024-11-21T07:13:59.117000Z","commentary":null},{"id":"OSV-2023-197","package":"p11-kit","score":null,"severity":null,"suppressed":null,"published":"2023-03-18T13:00:57.254906Z","modified":"2025-09-25T14:23:56.310071Z","commentary":null},{"id":"CVE-2025-59777","package":"libmicrohttpd","score":"7.5","severity":null,"suppressed":"Exception: false positive, Controllers do not compile libmicrohttpd with --enable-experimental","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-1377","package":"elfutils","score":"3.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-1352","package":"elfutils","score":"5.0","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2022-42011","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: false positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09Z","modified":"2025-06-09T15:15:28.073000Z","commentary":null},{"id":"CVE-2023-7216","package":"cpio","score":"5.3","severity":"medium","suppressed":null,"published":"2024-02-05T15:15:08.903000Z","modified":"2024-11-21T08:45:32.120000Z","commentary":null},{"id":"CVE-2000-0006","package":"strace","score":"2.6","severity":null,"suppressed":null,"published":"1999-12-25T05:00:00Z","modified":"2025-04-03T01:03:51.193000Z","commentary":null},{"id":"PYSEC-2024-35","package":"dash","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2022-36882","package":"git","score":"8.8","severity":"high","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08Z","modified":"2024-11-21T07:13:58.690000Z","commentary":null},{"id":"CVE-2025-1371","package":"elfutils","score":"3.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-1376","package":"elfutils","score":"2.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2022-42010","package":"dbus","score":"6.5","severity":"medium","suppressed":"Exception: false positive; Controllers run a version of dbus greater than 1.14.4.","published":"2022-10-10T00:15:09Z","modified":"2025-06-09T15:15:27.810000Z","commentary":null},{"id":"CVE-2022-36883","package":"git","score":"7.5","severity":"high","suppressed":"Exception: this scan result is a false positive and refers instead to the git Jenkins plugins. Controllers do not install or run Jenkins.","published":"2022-07-27T15:15:08Z","modified":"2024-11-21T07:13:58.903000Z","commentary":null},{"id":"CVE-2024-23749","package":"kitty","score":"7.8","severity":"high","suppressed":"Exception: false positive; Controllers only ship kitty .terminfo files, not the entire program","published":"2024-02-09T08:15:08Z","modified":"2025-05-15T20:15:44.290000Z","commentary":null},{"id":"CVE-2023-34111","package":"grafana","score":"9.8","severity":"critical","suppressed":"Exception: Controllers do not use the TaosData Grafana plugin.","published":"2023-06-06T17:15:15Z","modified":"2024-11-21T08:06:34.313000Z","commentary":null},{"id":"CVE-2010-4226","package":"cpio","score":"7.2","severity":"high","suppressed":"Exception: false positive; this vulnerability only applies to systems that use RPM packaging, which Controllers do not.","published":"2014-02-06T17:00:03Z","modified":"2025-06-09T15:15:22.147000Z","commentary":null},{"id":"CVE-2025-7425","package":"libxslt","score":"7.8","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":"Reduced severity: libxslt is not in the critical path for any Controller components"},{"id":"CVE-2025-69421","package":"openssl","score":"7.5","severity":null,"suppressed":"Exception: OpenSSL PKCS#12 null deref (DoS); the controller does not process PKCS#12 files. Certificate handling only accepts PEM-encoded X.509 certs and keys.\r\n\r\nPresumably fixed in future NixOS 26.05","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69419","package":"openssl","score":"7.4","severity":null,"suppressed":"Exception: PKCS12 files not used","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-14017","package":"curl","score":"6.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69418","package":"","score":"4.0","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-68160","package":"","score":"4.7","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-15468","package":"openssl","score":"5.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-66199","package":"","score":"5.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-15467","package":"openssl","score":"9.8","severity":null,"suppressed":"Exception: AEAD ciphers not used","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-11187","package":"openssl","score":"6.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69420","package":"openssl","score":"7.5","severity":null,"suppressed":"Exception: Timestamp protocol (RFC 3161) not used","published":null,"modified":null,"commentary":null},{"id":"CVE-2026-0915","package":"glibc","score":"7.5","severity":null,"suppressed":"Exception: backported patch included in upstream packaging","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69650","package":"binutils","score":"7.5","severity":null,"suppressed":"Exception: low-impact on Controller (unused and denial-of-service only)","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69649","package":"binutils","score":"7.5","severity":null,"suppressed":"Exception: low-impact on Controller (unused and denial-of-service only)","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69652","package":"binutils","score":"6.2","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-30852","package":"caddy","score":"7.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69651","package":"binutils","score":"5.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69647","package":"binutils","score":"6.2","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-3805","package":"curl","score":"7.5","severity":null,"suppressed":"Exception: curl requests against SMB endpoints is not used by Controllers","published":null,"modified":null,"commentary":null},{"id":"CVE-2026-30851","package":"caddy","score":"8.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-1965","package":"curl","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-3784","package":"curl","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69648","package":"binutils","score":"6.2","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-26982","package":"","score":"6.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-3783","package":"curl","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-69644","package":"binutils","score":"5.0","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-0861","package":"glibc","score":"8.4","severity":null,"suppressed":"Exception: glibc memalign integer overflow; requires attacker-controlled alignment args with values between 2^62 and 2^63 — no controller code path exposes these parameters to external input. Local-only attack vector.\r\n\r\nFix in NixOS 26.05 presumably.","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-62408","package":"c-ares","score":"5.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-15281","package":"glibc","score":"7.5","severity":null,"suppressed":"Exception: glibc wordexp uninitialized memory (DoS); no code on the controller calls wordexp(). Zero occurrences in the codebase.\r\n\r\npresumably fixed in future NixOS 26.05","published":null,"modified":null,"commentary":null},{"id":"CVE-2026-22795","package":"","score":"5.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-13151","package":"libtasn1","score":"7.5","severity":null,"suppressed":"Exception: libtasn1 stack overflow in asn1_expend_octet_string; the controller uses OpenSSL exclusively for TLS/cert handling, not GnuTLS/libtasn1. libtasn1 is a transitive dependency but never invoked by controller code.\r\n\r\npresumably fixed in future NixOS 26.05","published":null,"modified":null,"commentary":null},{"id":"CVE-2026-22796","package":"","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-60876","package":"busybox","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-13601","package":"glib","score":"7.7","severity":null,"suppressed":"Exception: glib g_escape_uri_string heap overflow; the controller does not use glib. glib is only linked in the client-side GTK tray app, not the controller image.","published":null,"modified":null,"commentary":null},{"id":"CVE-2019-12749","package":"dbus","score":"7.1","severity":"high","suppressed":"Exception: false positive; Controllers run a version of dbus not subject to this vulnerability.","published":"2019-06-11T17:29:00Z","modified":"2024-12-06T14:15:18.790000Z","commentary":null},{"id":"CVE-2025-14512","package":"","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-14087","package":"","score":"5.6","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-68973","package":"gnupg","score":"7.8","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-11961","package":"","score":"1.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-11964","package":"","score":"1.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-68615","package":"","score":"9.8","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-21444","package":"","score":"5.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-41115","package":"grafana","score":"10.0","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-22184","package":"zlib","score":"9.8","severity":null,"suppressed":"Exception: false positive; vulnerability in unused reference utility","published":null,"modified":null,"commentary":null},{"id":"CVE-2025-68972","package":"gnupg","score":"5.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27171","package":"","score":"2.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-21722","package":"grafana","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-21720","package":"","score":"7.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"BIT-grafana-2026-21721","package":"pkg:bitnami/grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"BIT-grafana-2026-21722","package":"pkg:bitnami/grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"BIT-grafana-2026-21720","package":"pkg:bitnami/grafana","score":null,"severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-21721","package":"grafana","score":"8.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-13034","package":"curl","score":"5.9","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-10966","package":"curl","score":"4.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-15224","package":"curl","score":"3.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-14819","package":"curl","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-14524","package":"curl","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-15079","package":"curl","score":"5.3","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2025-13878","package":"bind","score":"7.5","severity":null,"suppressed":"Exception: false positive; the named daemon does not run on Controllers","published":null,"modified":null,"commentary":null},{"id":"CVE-2026-21725","package":"grafana","score":"2.6","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27590","package":"","score":"9.8","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27589","package":"","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27587","package":"","score":"9.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27585","package":"","score":"6.5","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27586","package":"","score":"9.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null},{"id":"CVE-2026-27588","package":"","score":"9.1","severity":null,"suppressed":null,"published":null,"modified":null,"commentary":null}],"next_scan":null,"created":"2025-12-10T23:50:34.607722Z","id":293,"has_cdx":true,"has_spdx":true,"scanning":false,"queued":false}