quay/claircore

Quay reports false positive vulnerabilities

tzaspel-telekom opened this issue · 1 comments

Not sure if the report in this repository is correct or not. Please tell me if I'm wrong here and tell me the correct repo/place.
I'm encountering some issues where Clair reports false positive vulnerabilities.

For example, this report. All of them have been fixed, some for a while now. (4 critical security issues)
image

Is someone aware of this issue?

EDIT:
CVE-2023-37920: https://nvd.nist.gov/vuln/detail/CVE-2023-37920 (fixed since v2.3.3)
CVE-2020-36242: https://nvd.nist.gov/vuln/detail/CVE-2020-36242 (fixed since v2023.07.22)
CVE-2018-2006: https://nvd.nist.gov/vuln/detail/CVE-2018-2006 (fixed since v11.0.0.4)
CVE-2009-5042: GHSA-cg75-6938-wx58 (fixed since v0.6)

We no longer use pyup.io data and have removed our pyupio package.