@@ -766,7 +766,7 @@ Scanned <rootdir>/testdata/sbom-insecure/only-unimportant.spdx.json file and fou
766766Scanned <rootdir>/testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages
767767Scanned <rootdir>/testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages
768768Filtered 9 local/unscannable package/s from the scan.
769- Total 26 packages affected by 159 known vulnerabilities (20 Critical, 67 High, 48 Medium, 1 Low, 23 Unknown) from 4 ecosystems.
769+ Total 26 packages affected by 159 known vulnerabilities (20 Critical, 68 High, 48 Medium, 1 Low, 22 Unknown) from 4 ecosystems.
7707708 vulnerabilities can be fixed.
771771
772772
@@ -958,7 +958,7 @@ Total 26 packages affected by 159 known vulnerabilities (20 Critical, 67 High, 4
958958| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
959959| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
960960| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
961- | https://osv.dev/DSA-5895-1 | | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
961+ | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
962962| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
963963+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+
964964
@@ -1839,7 +1839,7 @@ testdata/osv-scanner-partial-ignores-config.toml has unused ignores:
18391839 - GO-2022-0274
18401840 - CVE-2019-5188
18411841 - CVE-2022-1304
1842- Total 24 packages affected by 153 known vulnerabilities (20 Critical, 62 High, 47 Medium, 1 Low, 23 Unknown) from 4 ecosystems.
1842+ Total 24 packages affected by 153 known vulnerabilities (20 Critical, 63 High, 47 Medium, 1 Low, 22 Unknown) from 4 ecosystems.
184318437 vulnerabilities can be fixed.
18441844
18451845
@@ -2023,7 +2023,7 @@ Total 24 packages affected by 153 known vulnerabilities (20 Critical, 62 High, 4
20232023| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
20242024| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
20252025| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2026- | https://osv.dev/DSA-5895-1 | | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2026+ | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
20272027| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
20282028+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+
20292029
@@ -2050,7 +2050,7 @@ testdata/osv-scanner-partial-ignores-config.toml has unused ignores:
20502050 - GO-2022-0274
20512051 - CVE-2019-5188
20522052 - CVE-2022-1304
2053- Total 22 packages affected by 151 known vulnerabilities (18 Critical, 62 High, 47 Medium, 1 Low, 23 Unknown) from 3 ecosystems.
2053+ Total 22 packages affected by 151 known vulnerabilities (18 Critical, 63 High, 47 Medium, 1 Low, 22 Unknown) from 3 ecosystems.
205420547 vulnerabilities can be fixed.
20552055
20562056
@@ -2232,7 +2232,7 @@ Total 22 packages affected by 151 known vulnerabilities (18 Critical, 62 High, 4
22322232| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
22332233| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
22342234| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2235- | https://osv.dev/DSA-5895-1 | | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2235+ | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
22362236| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
22372237+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+
22382238
@@ -3779,7 +3779,7 @@ Scanned <rootdir>/testdata/sbom-insecure/postgres-stretch.cdx.xml file and found
37793779Loaded Debian local db from <tempdir>/osv-scanner/Debian/all.zip
37803780Loaded Go local db from <tempdir>/osv-scanner/Go/all.zip
37813781Loaded OSS-Fuzz local db from <tempdir>/osv-scanner/OSS-Fuzz/all.zip
3782- Total 21 packages affected by 152 known vulnerabilities (17 Critical, 63 High, 48 Medium, 1 Low, 23 Unknown) from 2 ecosystems.
3782+ Total 21 packages affected by 152 known vulnerabilities (17 Critical, 64 High, 48 Medium, 1 Low, 22 Unknown) from 2 ecosystems.
378337838 vulnerabilities can be fixed.
37843784
37853785
@@ -3964,7 +3964,7 @@ Total 21 packages affected by 152 known vulnerabilities (17 Critical, 63 High, 4
39643964| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
39653965| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
39663966| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
3967- | https://osv.dev/DSA-5895-1 | | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
3967+ | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
39683968| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
39693969+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+
39703970
@@ -3980,7 +3980,7 @@ Scanned <rootdir>/testdata/sbom-insecure/postgres-stretch.cdx.xml file and found
39803980Loaded Debian local db from <tempdir>/osv-scanner/Debian/all.zip
39813981Loaded Go local db from <tempdir>/osv-scanner/Go/all.zip
39823982Loaded OSS-Fuzz local db from <tempdir>/osv-scanner/OSS-Fuzz/all.zip
3983- Total 21 packages affected by 152 known vulnerabilities (17 Critical, 63 High, 48 Medium, 1 Low, 23 Unknown) from 2 ecosystems.
3983+ Total 21 packages affected by 152 known vulnerabilities (17 Critical, 64 High, 48 Medium, 1 Low, 22 Unknown) from 2 ecosystems.
398439848 vulnerabilities can be fixed.
39853985
39863986
@@ -4165,7 +4165,7 @@ Total 21 packages affected by 152 known vulnerabilities (17 Critical, 63 High, 4
41654165| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
41664166| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
41674167| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
4168- | https://osv.dev/DSA-5895-1 | | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
4168+ | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
41694169| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
41704170+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+
41714171
0 commit comments