Accepted CVEs for Sourcegraph 5.1.1

CVE IDAffected ImagesCVE SeverityCVSS Base ScoreSourcegraph AssessmentCVSS Environmental ScoreDetails

No known CVEs in Sourcegraph 5.1.1

Known False Positives

Some scanners incorrectly identify false positives in our images:

Vulnerability IDAffected ImagesNote
CVE-2023-27561sourcegraph/cadvisorFalse positive - this is patched in
CVE-2022-0543, CVE-2022-3734sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/serverFalse positive - these vulnerabilities are specific to Windows and Debian releases
CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201sourcegraph/grafana, sourcegraph/serverFalse positive - these vulnerabilities have been patched by Chainguard