-
Notifications
You must be signed in to change notification settings - Fork 85
Expand file tree
/
Copy path.grype.yaml
More file actions
94 lines (94 loc) · 4.61 KB
/
.grype.yaml
File metadata and controls
94 lines (94 loc) · 4.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
scan-type: source
ignore:
- vulnerability: GHSA-3ppc-4f35-3m26
reason: minimatch upgrade breaks some dev tools so adding this to ignore list
- vulnerability: CVE-2025-60876
reason: No fix available as of 1.37.0-r30
- vulnerability: GHSA-83g3-92jg-28cx
include-aliases: true
- vulnerability: GHSA-34x7-hfp2-rc4v
include-aliases: true
- vulnerability: GHSA-5j98-mcp5-4vw2
include-aliases: true
- vulnerability: GHSA-8qq5-rm4j-mr97
include-aliases: true
- vulnerability: GHSA-r6q2-hw4h-h46w
include-aliases: true
- vulnerability: CVE-2025-15467
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (critical severity)"
- vulnerability: CVE-2025-69420
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-59465
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-69421
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-69419
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
- vulnerability: CVE-2026-22796
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-66199
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-15468
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2026-21637
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-55131
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-59466
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
- vulnerability: CVE-2025-55130
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (critical severity)"
- vulnerability: CVE-2026-22795
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-68160
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-11187
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: GHSA-73rr-hh4g-fpgx
include-aliases: true
reason: >-
Base image npm package: diff - bundled in Node.js base image, not fixable via application dependencies as of
2026-02-23 (low severity)
- vulnerability: CVE-2025-55132
include-aliases: true
reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2026-27171
include-aliases: true
reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-15469
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: CVE-2025-69418
include-aliases: true
reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: GHSA-87r5-mp6g-5w5j
include-aliases: true
reason: "Unfixable npm transitive vulnerability: jsonpath (high severity) as of 2026-02-23"
- vulnerability: GHSA-378v-28hj-76wf
include-aliases: true
reason: "Unfixable npm transitive vulnerability: bn.js (moderate severity) as of 2026-02-23"
- vulnerability: GHSA-2g4f-4pwh-qvx6
include-aliases: true
reason: "Unfixable npm transitive vulnerability: ajv (moderate severity) as of 2026-02-23"
output:
- table
- json
search:
scope: squashed
quiet: false
check-for-app-update: false