diff --git a/glow.advisories.yaml b/glow.advisories.yaml index a3b75bc54..3c6a2ab57 100644 --- a/glow.advisories.yaml +++ b/glow.advisories.yaml @@ -65,6 +65,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/glow scanner: grype + - timestamp: 2024-12-22T13:38:48Z + type: fixed + data: + fixed-version: 2.0.0-r3 - id: CGA-mxwc-74fh-p77h aliases: diff --git a/hugo-extended.advisories.yaml b/hugo-extended.advisories.yaml index 94fb5a160..1c969c7cb 100644 --- a/hugo-extended.advisories.yaml +++ b/hugo-extended.advisories.yaml @@ -64,6 +64,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/hugo scanner: grype + - timestamp: 2024-12-21T18:18:04Z + type: fixed + data: + fixed-version: 0.140.0-r1 - id: CGA-4r74-w9mc-9hvw aliases: diff --git a/kubeadm-controlplane-controller.advisories.yaml b/kubeadm-controlplane-controller.advisories.yaml index db33edff0..5613144df 100644 --- a/kubeadm-controlplane-controller.advisories.yaml +++ b/kubeadm-controlplane-controller.advisories.yaml @@ -61,6 +61,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/kubeadm-controlplane-controller scanner: grype + - timestamp: 2024-12-21T18:04:32Z + type: fixed + data: + fixed-version: 1.9.2-r1 - id: CGA-7m4f-cm35-r6vq aliases: diff --git a/neuvector-scanner.advisories.yaml b/neuvector-scanner.advisories.yaml index 2960819ac..b40478de2 100644 --- a/neuvector-scanner.advisories.yaml +++ b/neuvector-scanner.advisories.yaml @@ -219,6 +219,18 @@ advisories: type: fixed data: fixed-version: 0_git20240528-r10 + - timestamp: 2024-12-22T10:31:29Z + type: detection + data: + type: scan/v1 + data: + subpackageName: neuvector-scanner + componentID: bf92469ac1521c7c + componentName: golang.org/x/net + componentVersion: v0.23.0 + componentType: go-module + componentLocation: /usr/local/bin/scanner + scanner: grype - id: CGA-p8xg-r44c-55h5 aliases: diff --git a/opa-envoy.advisories.yaml b/opa-envoy.advisories.yaml index 627dec86a..9f6223145 100644 --- a/opa-envoy.advisories.yaml +++ b/opa-envoy.advisories.yaml @@ -25,3 +25,15 @@ advisories: type: fixed data: fixed-version: 0.70.0_rc1-r1 + - timestamp: 2024-12-22T08:25:42Z + type: detection + data: + type: scan/v1 + data: + subpackageName: opa-envoy + componentID: 34345bdb2373cd87 + componentName: golang.org/x/net + componentVersion: v0.30.0 + componentType: go-module + componentLocation: /usr/bin/opa + scanner: grype diff --git a/prometheus-alertmanager.advisories.yaml b/prometheus-alertmanager.advisories.yaml index c00585475..7933b9253 100644 --- a/prometheus-alertmanager.advisories.yaml +++ b/prometheus-alertmanager.advisories.yaml @@ -166,6 +166,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/alertmanager scanner: grype + - timestamp: 2024-12-22T13:42:10Z + type: fixed + data: + fixed-version: 0.27.0-r13 - id: CGA-hmfg-p87v-vwv4 aliases: diff --git a/secrets-store-csi-driver-provider-gcp.advisories.yaml b/secrets-store-csi-driver-provider-gcp.advisories.yaml index 52d1766a5..c30c29c12 100644 --- a/secrets-store-csi-driver-provider-gcp.advisories.yaml +++ b/secrets-store-csi-driver-provider-gcp.advisories.yaml @@ -200,6 +200,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/secrets-store-csi-driver-provider-gcp scanner: grype + - timestamp: 2024-12-21T18:06:59Z + type: fixed + data: + fixed-version: 1.7.0-r1 - id: CGA-q53p-fgj2-3j2m aliases: diff --git a/slsa-verifier.advisories.yaml b/slsa-verifier.advisories.yaml index 89c231347..21fc792b1 100644 --- a/slsa-verifier.advisories.yaml +++ b/slsa-verifier.advisories.yaml @@ -426,6 +426,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/slsa-verifier scanner: grype + - timestamp: 2024-12-21T17:42:47Z + type: fixed + data: + fixed-version: 2.6.0-r7 - id: CGA-h3m2-ppgf-58hc aliases: diff --git a/smarter-device-manager.advisories.yaml b/smarter-device-manager.advisories.yaml index be355414e..0c6454b30 100644 --- a/smarter-device-manager.advisories.yaml +++ b/smarter-device-manager.advisories.yaml @@ -231,6 +231,28 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CGA-wvj2-3chg-gqv6 + aliases: + - CVE-2024-45338 + - GHSA-w32m-9786-jp63 + events: + - timestamp: 2024-12-22T09:10:41Z + type: detection + data: + type: scan/v1 + data: + subpackageName: smarter-device-manager + componentID: 40143f9b2943e893 + componentName: golang.org/x/net + componentVersion: v0.29.0 + componentType: go-module + componentLocation: /usr/bin/smarter-device-management + scanner: grype + - timestamp: 2024-12-22T13:17:39Z + type: fixed + data: + fixed-version: 1.20.11-r11 + - id: CGA-x944-qr2v-f5rw aliases: - CVE-2024-34156 diff --git a/sriov-network-device-plugin.advisories.yaml b/sriov-network-device-plugin.advisories.yaml index 881904d14..f6e1722b4 100644 --- a/sriov-network-device-plugin.advisories.yaml +++ b/sriov-network-device-plugin.advisories.yaml @@ -21,3 +21,7 @@ advisories: componentType: go-module componentLocation: /usr/bin/sriovdp scanner: grype + - timestamp: 2024-12-21T18:02:00Z + type: fixed + data: + fixed-version: 3.8.0-r1 diff --git a/temporal.advisories.yaml b/temporal.advisories.yaml index 1c0e2a314..472740a58 100644 --- a/temporal.advisories.yaml +++ b/temporal.advisories.yaml @@ -172,6 +172,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/temporal scanner: grype + - timestamp: 2024-12-21T18:08:23Z + type: fixed + data: + fixed-version: 1.1.2-r2 - id: CGA-87q2-mwvf-7f59 aliases: diff --git a/terraform-docs.advisories.yaml b/terraform-docs.advisories.yaml index d0d69e659..2ade99626 100644 --- a/terraform-docs.advisories.yaml +++ b/terraform-docs.advisories.yaml @@ -74,6 +74,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/terraform-docs scanner: grype + - timestamp: 2024-12-21T17:39:19Z + type: fixed + data: + fixed-version: 0.19.0-r2 - id: CGA-82g5-h23x-33p6 aliases: diff --git a/terraform-provider-aws.advisories.yaml b/terraform-provider-aws.advisories.yaml index 8ec3e44bc..8b3099f49 100644 --- a/terraform-provider-aws.advisories.yaml +++ b/terraform-provider-aws.advisories.yaml @@ -21,6 +21,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/terraform-provider-aws scanner: grype + - timestamp: 2024-12-22T13:16:37Z + type: fixed + data: + fixed-version: 5.82.2-r0 - id: CGA-43ch-mwp2-gv8j aliases: diff --git a/vitess-20.0.advisories.yaml b/vitess-20.0.advisories.yaml index 43317d30f..164486b24 100644 --- a/vitess-20.0.advisories.yaml +++ b/vitess-20.0.advisories.yaml @@ -108,6 +108,10 @@ advisories: componentType: npm componentLocation: /vt/web/vtadmin/node_modules/nanoid/package.json scanner: grype + - timestamp: 2024-12-22T13:13:36Z + type: fixed + data: + fixed-version: 20.0.4-r3 - id: CGA-qw57-j898-5h79 aliases: @@ -166,6 +170,10 @@ advisories: type: pending-upstream-fix data: note: It's not possible to bump 3 minor versions on this package, other dependencies still depend on this. + - timestamp: 2024-12-22T13:13:37Z + type: fixed + data: + fixed-version: 20.0.4-r3 - id: CGA-wpr6-q8w2-pw5m aliases: