4 changes: 2 additions & 2 deletions docs/multiple-tests/all-patterns/results.xml
Expand Up @@ -24,7 +24,7 @@
<error
source="vulnerability_medium"
line="1"
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...) (update to 2.25.3)"
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification) (update to 2.25.3)"
severity="warning"
/>
<error
Expand Down Expand Up @@ -54,7 +54,7 @@
<error
source="vulnerability_medium"
line="4"
message="Insecure dependency maven/org.apache.cxf/cxf-rt-transports-http@4.0.0 (CVE-2024-41172: Apache CXF allows unrestricted memory consumption in CXF HTTP clients) (update to 4.0.5)"
message="Insecure dependency maven/org.apache.cxf/cxf-rt-transports-http@4.0.0 (CVE-2024-41172: apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients) (update to 4.0.5)"
severity="warning"
/>
</file>
Expand Up @@ -4,7 +4,7 @@
<error
source="vulnerability_critical"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2024-24790: The various Is methods (IsPrivate, IsLoopback, etc) did not work as ex ...) (update to 1.21.11)"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2024-24790: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses) (update to 1.21.11)"
severity="error"
/>
<error
Expand Down Expand Up @@ -40,7 +40,7 @@
<error
source="vulnerability_critical"
line="19"
message="Insecure dependency pypi/pymysql@1.1.0 (CVE-2024-36039: PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) (update to 1.1.1)"
message="Insecure dependency pypi/pymysql@1.1.0 (CVE-2024-36039: python-pymysql: SQL injection if used with untrusted JSON input) (update to 1.1.1)"
severity="error"
/>
</file>
122 changes: 37 additions & 85 deletions docs/multiple-tests/pattern-vulnerability-high/results.xml
Expand Up @@ -12,79 +12,13 @@
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-22871: The net/http package improperly accepts a bare LF as a line terminator ...) (update to 1.23.8)"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 1.21.9)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47906: If the PATH environment variable contains paths which are executables ...) (update to 1.23.12)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47907: Cancelling a query (e.g. by cancelling the context passed to one of th ...) (update to 1.23.12)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47912: The Parse function permits values other than IPv6 addresses to be incl ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58183: tar.Reader does not set a maximum size on the number of sparse region ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58185: Parsing a maliciously crafted DER payload could allocate large amounts ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58186: Despite HTTP headers having a default limit of 1MB, the number of cook ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58187: Due to the design of the name constraint checking algorithm, the proce ...) (update to 1.24.9)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58188: Validating certificate chains which contain DSA public keys can cause ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58189: When Conn.Handshake fails during ALPN negotiation the error contains a ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61723: The processing time for parsing some invalid inputs scales non-linearl ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61724: The Reader.ReadResponse function constructs a response string through ...) (update to 1.24.8)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61725: The ParseAddress function constructs domain-literal address components ...) (update to 1.24.8)"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion) (update to 1.22.7)"
severity="high"
/>
<error
Expand All @@ -96,13 +30,7 @@
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61727: An excluded subdomain constraint in a certificate chain does not restr ...) (update to 1.24.11)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61729: Within HostnameError.Error(), when constructing an error string, there ...) (update to 1.24.11)"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61729: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate) (update to 1.24.11)"
severity="high"
/>
<error
Expand Down Expand Up @@ -132,7 +60,7 @@
<error
source="vulnerability_high"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-33811: When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...) (update to 1.25.10)"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-33811: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME) (update to 1.25.10)"
severity="high"
/>
<error
Expand Down Expand Up @@ -186,13 +114,13 @@
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12055: Ollama Allows Out-of-Bounds Read) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12055: ollama: DoS using malicious gguf model file in ollama/ollama) (no fix available)"
severity="high"
/>
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12886: Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12886: ollama: Out-Of-Memory (OOM) Vulnerability in ollama/ollama) (no fix available)"
severity="high"
/>
<error
Expand All @@ -204,31 +132,31 @@
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-8063: Ollama Divide by Zero Vulnerability) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-8063: ollama: Divide by Zero in ollama/ollama) (no fix available)"
severity="high"
/>
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0312: Ollama Denial of Service (DoS) via Null Pointer Dereference) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0312: ollama: NULL Pointer Dereference in ollama/ollama) (no fix available)"
severity="high"
/>
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0315: Ollama Allocation of Resources Without Limits or Throttling vulnerability) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0315: ollama: Allocation of Resources Without Limits or Throttling in ollama/ollama) (no fix available)"
severity="high"
/>
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0317: Ollama Divide By Zero vulnerability) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0317: ollama: Divide By Zero in ollama/ollama) (no fix available)"
severity="high"
/>
<error
source="vulnerability_high"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-1975: Ollama Server Vulnerable to Denial of Service (DoS) Attack) (no fix available)"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-1975: ollama: Improper Validation of Array Index in ollama/ollama) (no fix available)"
severity="high"
/>
<error
Expand All @@ -248,7 +176,7 @@
<error
source="vulnerability_high"
line="14"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios is a promise based HTTP client for the browser and node.js. The ...) (update to 0.30.0)"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
severity="high"
/>
<error
Expand All @@ -275,6 +203,18 @@
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-42043: axios: Axios: NO_PROXY bypass via crafted URL) (update to 0.31.1)"
severity="high"
/>
<error
source="vulnerability_high"
line="14"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-44492: axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)) (update to 0.32.0)"
severity="high"
/>
<error
source="vulnerability_high"
line="14"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-44495: axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge) (update to 0.31.1)"
severity="high"
/>
</file>
<file name="javascript/yarn.lock">
<error
Expand All @@ -286,7 +226,7 @@
<error
source="vulnerability_high"
line="5"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios is a promise based HTTP client for the browser and node.js. The ...) (update to 0.30.0)"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
severity="high"
/>
<error
Expand All @@ -313,6 +253,18 @@
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-42043: axios: Axios: NO_PROXY bypass via crafted URL) (update to 0.31.1)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-44492: axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)) (update to 0.32.0)"
severity="high"
/>
<error
source="vulnerability_high"
line="5"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-44495: axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge) (update to 0.31.1)"
severity="high"
/>
</file>
<file name="python/requirements.txt">
<error
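Review bot: The hunk counts (`-12,79 +12,13`) mean the new expected output keeps only two golang/stdlib@v1.21.4 advisories (CVE-2023-45288 and CVE-2024-34156, with fix hints 1.21.9 and 1.22.7) where the old side listed thirteen, including CVE-2025-47906, CVE-2025-58187 and CVE-2025-61725 with fix hints up to 1.24.8; the same shrink appears in the `-96,13 +30,7` hunk, which drops CVE-2025-61727. If this reflects a change of advisory data source rather than corrected matching, it is a coverage regression in a documented example: a reader following the new "update to" hints would still be exposed to the dropped CVEs. Recording the source change and its effect in the PR description, or in a short note kept next to these fixtures, would stop the example from being read as "stdlib v1.21.4 has two high findings". Which side each message line belongs to is inferred from the hunk counts, since the rendered page has lost the +/- markers.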