cadvisor.advisories.yaml

schema-version: 2.0.2

package:
  name: cadvisor

advisories:
  - id: CVE-2022-41723
    aliases:
      - GHSA-vvpx-j8f3-3w6h
    events:
      - timestamp: 2023-05-03T19:00:16Z
        type: false-positive-determination
        data:
          type: vulnerable-code-version-not-used

  - id: CVE-2023-27561
    aliases:
      - GHSA-vpvm-3wq2-2wvm
    events:
      - timestamp: 2023-05-03T19:00:31Z
        type: false-positive-determination
        data:
          type: vulnerable-code-version-not-used

  - id: CVE-2023-45289
    aliases:
      - GHSA-32ch-6x54-q4h9
    events:
      - timestamp: 2024-03-12T07:06:55Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: eb3c7a076fdc2d6c
            componentName: stdlib
            componentVersion: go1.20.14
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-15T18:09:18Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2023-45290
    aliases:
      - GHSA-rr6r-cfgf-gc6h
    events:
      - timestamp: 2024-03-12T07:06:57Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: eb3c7a076fdc2d6c
            componentName: stdlib
            componentVersion: go1.20.14
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-15T18:09:18Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2023-12-19T16:57:24Z
        type: fixed
        data:
          fixed-version: 0.48.1-r3

  - id: CVE-2024-21626
    aliases:
      - GHSA-xr7r-f8xq-vfvv
    events:
      - timestamp: 2024-02-02T07:04:15Z
        type: fixed
        data:
          fixed-version: 0.48.1-r4

  - id: CVE-2024-24557
    aliases:
      - GHSA-xw73-rw38-6vjc
    events:
      - timestamp: 2024-03-21T09:30:53Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: 5fd69375a57c4040
            componentName: github.com/docker/docker
            componentVersion: v20.10.27+incompatible
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-21T11:23:06Z
        type: fixed
        data:
          fixed-version: 0.49.1-r4

  - id: CVE-2024-24783
    aliases:
      - GHSA-3q2c-pvp5-3cqp
    events:
      - timestamp: 2024-03-12T07:06:58Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: eb3c7a076fdc2d6c
            componentName: stdlib
            componentVersion: go1.20.14
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-15T18:09:18Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2024-24784
    aliases:
      - GHSA-fgq5-q76c-gx78
    events:
      - timestamp: 2024-03-12T07:06:59Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: eb3c7a076fdc2d6c
            componentName: stdlib
            componentVersion: go1.20.14
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-15T18:09:18Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2024-24785
    aliases:
      - GHSA-j6m3-gc37-6r6q
    events:
      - timestamp: 2024-03-12T07:07:00Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: eb3c7a076fdc2d6c
            componentName: stdlib
            componentVersion: go1.20.14
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-15T18:09:18Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2024-24786
    aliases:
      - GHSA-8r3f-844c-mc37
    events:
      - timestamp: 2024-03-15T18:09:17Z
        type: fixed
        data:
          fixed-version: 0.49.1-r3

  - id: CVE-2024-29018
    aliases:
      - GHSA-mq39-4gv4-mvpx
    events:
      - timestamp: 2024-03-21T09:30:51Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cadvisor
            componentID: 5fd69375a57c4040
            componentName: github.com/docker/docker
            componentVersion: v20.10.27+incompatible
            componentType: go-module
            componentLocation: /usr/bin/cadvisor
            scanner: grype
      - timestamp: 2024-03-21T11:23:06Z
        type: fixed
        data:
          fixed-version: 0.49.1-r4

  - id: GHSA-6xv5-86q9-7xr8
    events:
      - timestamp: 2023-09-09T15:18:01Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: This vulnerability is only present on Windows.