postgres-1 | 2025-08-14 06:43:11.212 UTC [216] ERROR: null value in column "known_exploited" of relation "dojo_finding" violates not-null constraint
postgres-1 | 2025-08-14 06:43:11.212 UTC [216] DETAIL: Failing row contains (1, CVE-2025-5889 | ******-2.0.1, 2025-08-14, 1035, null, Low, A vulnerability was found in juliangruber ****** up to ..., N/A, null, **Locations Found**: , CVSS v3 score: N/A (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L..., null, t, f, f, f, f, f, f, 0, null, S3, 2025-08-14 06:43:11.178093+00, null, null, null, null, /tmp/ws-ua_20250812120229_ADDIJX/Docker_MAAFMA/20250812120236/bl..., t, f, 2025-08-14 06:43:11.209592+00, null, null, null, 1, null, 1, null, 3, null, f, null, null, null, null, null, null, null, null, null, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P, null, f, null, 2025-08-14 06:43:11.209559+00, 3, null, , null, null, null, 2025-12-12, null, null, null, null, null, null, null, null).
postgres-1 | 2025-08-14 06:43:11.212 UTC [216] STATEMENT: INSERT INTO "dojo_finding" ("title", "date", "sla_start_date", "sla_expiration_date", "cwe", "cve", "epss_score", "epss_percentile", "known_exploited", "ransomware_used", "kev_date", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "url", "severity", "description", "mitigation", "fix_available", "impact", "steps_to_reproduce", "severity_justification", "refs", "test_id", "active", "verified", "false_p", "duplicate", "duplicate_finding_id", "out_of_scope", "risk_accepted", "under_review", "last_status_update", "review_requested_by_id", "under_defect_review", "defect_review_requested_by_id", "is_mitigated", "thread_id", "mitigated", "mitigated_by_id", "reporter_id", "numerical_severity", "last_reviewed", "last_reviewed_by_id", "param", "payload", "hash_code", "line", "file_path", "component_name", "component_version", "static_finding", "dynamic_finding", "created", "scanner_confidence", "sonarqube_issue_id", "unique_id_from_tool", "vuln_id_from_tool", "sast_source_object", "sast_sink_object", "sast_source_line", "sast_source_file_path", "nb_occurences", "publish_date", "service", "planned_remediation_date", "planned_remediation_version", "effort_for_fixing") VALUES ('CVE-2025-5889 | ******-2.0.1', '2025-08-14'::date, NULL, '2025-12-12'::date, 1035, NULL, NULL, NULL, NULL, NULL, NULL, 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P', 3.0, NULL, NULL, NULL, 'Low', 'A vulnerability was found in juliangruber ****** up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.
postgres-1 | Mend Note: The description of this vulnerability differs from MITRE. ', 'N/A', NULL, NULL, '**Locations Found**: ', 'CVSS v3 score: N/A (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P)', NULL, 3, true, false, false, false, NULL, false, false, false, '2025-08-14 06:43:11.209559+00:00'::timestamptz, NULL, false, NULL, false, 0, NULL, NULL, 1, 'S3', '2025-08-14 06:43:11.178093+00:00'::timestamptz, 1, NULL, NULL, NULL, NULL, '/tmp/ws-ua_20250812120229_ADDIJX/Docker_MAAFMA/20250812120236/blobs/sha256/layer_2/usr/local/lib/node_modules/npm/node_modules/******/index.js', NULL, NULL, true, false, '2025-08-14 06:43:11.209592+00:00'::timestamptz, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '', NULL, NULL, NULL) RETURNING "dojo_finding"."id"
postgres-1 | 2025-08-14 06:47:35.837 UTC [56] LOG: checkpoint starting: time
postgres-1 | 2025-08-14 06:47:41.507 UTC [56] LOG: checkpoint complete: wrote 57 buffers (0.3%); 0 WAL file(s) added, 0 removed, 0 recycled; write=5.660 s, sync=0.004 s, total=5.670 s; sync files=55, longest=0.001 s, average=0.001 s; distance=38 kB, estimate=6892 kB; lsn=0/217E088, redo lsn=0/217DFE0
An exception error occurred during the report import: null value in column "known_exploited" of relation "dojo_finding" violates not-null constraint DETAIL: Failing row contains (4, CVE-2025-5889 | ******-2.0.1, 2025-08-14, 1035, null, Low, A vulnerability was found in juliangruber ****** up to ..., N/A, null, **Locations Found**: , CVSS v3 score: N/A (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L..., null, t, f, f, f, f, f, f, 0, null, S3, 2025-08-14 06:55:13.039383+00, null, null, null, null, /tmp/ws-ua_20250812120229_ADDIJX/Docker_MAAFMA/20250812120236/bl..., t, f, 2025-08-14 06:55:13.062695+00, null, null, null, 1, null, 1, null, 8, null, f, null, null, null, null, null, null, null, null, null, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P, null, f, null, 2025-08-14 06:55:13.062667+00, 3, null, , null, null, null, 2025-12-12, null, null, null, null, null, null, null, null).
The upload works with version 2.48.5 and does not work with v2.49.1 and v2.49.0.
Slack us first!
The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: Get Access.
If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway.
Be informative
Please enter as much information as possible, otherwise we can't provide support. If possible upgrade to the latest release or dev version and try again.
Bug description
A clear and concise description of what the bug is. For errors include at least the exact error message you are seeing (including traceback).
Steps to reproduce
Steps to reproduce the behavior:
Deployment method (select with an
X)Environment information
Operating System: [e.g. Ubuntu 18.04]
Docker Compose or Helm version (Output of
docker compose versionorhelm version)DefectDojo version (see footer) or commit message: [use
git show -s --format="[%ci] %h: %s [%d]"]Docker compose on Macbook Pro M4 Pro: Docker Compose version v2.39.1-desktop.1
Kubernetes: Amazon EKS 1.32.3-eks-473151a
DefectDojo version: v2.49.1 (v2.49.0)
Logs
Use
docker compose logs(or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).Logs:
UI error message:
Sample scan files
If applicable, add sample scan files to help reproduce your problem.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context (optional)
Add any other context about the problem here.
The upload works with version 2.48.5 and does not work with v2.49.1 and v2.49.0.