Commit
Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Jan 30, 2025
1 parent f506a88 commit d3630bd
Showing 2 changed files with 11 additions and 2 deletions.
2 changes: 2 additions & 0 deletions reports/main/data.csv
@@ -1,5 +1,6 @@
"target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2025-0651","https://nvd.nist.gov/vuln/detail/CVE-2025-0651","warp","","3.3.31","3.4.7","3.4.7","haskell:warp","2025A0000000651","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","RUSTSEC-2025-0003","https://osv.dev/RUSTSEC-2025-0003","fast-float","","7.0.0","7.0.0","7.0.0","fast-float","2025A0000000003","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-pxg6-pf52-xh8x","https://osv.dev/GHSA-pxg6-pf52-xh8x","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2024A1728000000","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-lfs-2024-53263","https://osv.dev/BIT-git-lfs-2024-53263","git-lfs","","3.6.0","3.6.0","3.6.1","git-lfs","2024A0000053263","False","","err_not_vulnerable_based_on_repology",""
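Review bot: the classify column of the new RUSTSEC-2025-0003 row reads "err_not_vulnerable_based_on_repology" even though version_local, version_nixpkgs and version_upstream are all "7.0.0", so repology cannot have shown a fixed newer release; the same value appears on every row in this hunk, the err_ prefix suggests a lookup failure rather than a verdict, and the package_repology cell is the bare crate name "fast-float" where the Haskell rows carry a "haskell:" prefix. Confirm that the repology project name for this crate resolves, and if the classifier cannot decide, emit a distinct value (or an empty cell) instead of a string that reads as "not vulnerable".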
Expand Down Expand Up @@ -47,6 +48,7 @@ https://github.com/NixOS/nixpkgs/pull/363310"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-4030","https://nvd.nist.gov/vuln/detail/CVE-2024-4030","python","7.1","2.7.18.8","3.13.1","3.13.1","python","2024A0000004030","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-3219","https://nvd.nist.gov/vuln/detail/CVE-2024-3219","python","","2.7.18.8","3.13.1","3.13.1","python","2024A0000003219","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1391","https://osv.dev/OSV-2024-1391","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001391","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1251","https://osv.dev/OSV-2024-1251","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001251","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1209","https://osv.dev/OSV-2024-1209","libxml2","","2.13.5","2.13.5","2.13.5","libxml2","2024A0000001209","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1059","https://osv.dev/OSV-2024-1059","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001059","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1042","https://osv.dev/OSV-2024-1042","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001042","False","","err_not_vulnerable_based_on_repology",""
Expand Up @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0

# Vulnerability Report

This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/fc435a07c3f73b9068a169916490fac5c1ff8f2e. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.
This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/2dd4898366923b63f2b38db7de23fa79ebd92b6b. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.

This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file.
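Review bot: the revision this report was generated from changes here (fc435a07… to 2dd48983…), but it is recorded only in this prose sentence; every row in reports/main/data.csv carries the flakeref "github:tiiuae/ghaf?ref=main" with pintype "current" and no revision, so a row in the CSV cannot be tied back to the commit that was scanned once the report is regenerated. Consider adding the scanned revision to the CSV (a column, or a pinned flakeref such as `github:tiiuae/ghaf?rev=<revision>`) so the two files stay correlated.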

Expand Down Expand Up @@ -48,7 +48,12 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:

```No vulnerabilities```

| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|--------------------------------------------------------|-------------|------------|-----------------|----------------|------------|-----------|
| [RUSTSEC-2025-0003](https://osv.dev/RUSTSEC-2025-0003) | fast-float | | 7.0.0 | 7.0.0 | 7.0.0 | |
| [OSV-2024-1251](https://osv.dev/OSV-2024-1251) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |



## All Vulnerabilities Impacting Ghaf
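Review bot: the table that replaces "No vulnerabilities" lists two entries whose nix_unstable and upstream versions are identical (fast-float 7.0.0/7.0.0, ghostscript 10.04.0/10.04.0), so the call to action in the sentence above, "help nixpkgs community fix the following issues in nixpkgs", does not apply to either: there is no newer upstream release for nixpkgs to pick up, and the remaining options are an upstream fix or a manual_analysis.csv disposition. The severity column is empty for both rows as well, which leaves the reader with nothing to prioritise on; state in the report text what an empty severity cell means, and consider splitting this table into "fixable by nixpkgs bump" versus "no fix available upstream" so the instruction matches the rows.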
Expand Down Expand Up @@ -319,6 +324,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 25.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928), [PR](https://github.com/NixOS/nixpkgs/pull/368263)]* |
| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 3.3 | 9.2.0 | 9.2.0 | 9.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). |
| [CVE-2025-0651](https://nvd.nist.gov/vuln/detail/CVE-2025-0651) | warp | | 3.3.31 | 3.4.7 | 3.4.7 | |
| [RUSTSEC-2025-0003](https://osv.dev/RUSTSEC-2025-0003) | fast-float | | 7.0.0 | 7.0.0 | 7.0.0 | |
| [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | |
| [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.5 | 2.2.5 | 2.2.5 | |
| [BIT-git-lfs-2024-53263](https://osv.dev/BIT-git-lfs-2024-53263) | git-lfs | | 3.6.0 | 3.6.0 | 3.6.1 | |
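Review bot: the new RUSTSEC-2025-0003 row has an empty comment cell, while the neighbouring pip and qemu rows carry a disposition (PR links, "Revisit when fixed upstream"). Since version_local, nix_unstable and upstream are all 7.0.0, the report offers no path forward for this entry; a manual_analysis.csv entry stating whether fast-float is reachable in this target, with a link to the upstream advisory status, would make the row actionable.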
Expand All @@ -332,6 +338,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2024-8088](https://nvd.nist.gov/vuln/detail/CVE-2024-8088) | python | | 2.7.18.8 | 3.13.1 | 3.13.1 | |
| [CVE-2024-3219](https://nvd.nist.gov/vuln/detail/CVE-2024-3219) | python | | 2.7.18.8 | 3.13.1 | 3.13.1 | |
| [OSV-2024-1391](https://osv.dev/OSV-2024-1391) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
| [OSV-2024-1251](https://osv.dev/OSV-2024-1251) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
| [OSV-2024-1209](https://osv.dev/OSV-2024-1209) | libxml2 | | 2.13.5 | 2.13.5 | 2.13.5 | |
| [OSV-2024-1059](https://osv.dev/OSV-2024-1059) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
| [OSV-2024-1042](https://osv.dev/OSV-2024-1042) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
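Review bot: with this addition there are four ghostscript entries (OSV-2024-1391, OSV-2024-1251, OSV-2024-1059, OSV-2024-1042) in a row, all at 10.04.0 for version_local, nix_unstable and upstream and all with empty severity and comment cells. They share the same package and version status, so a single manual analysis decision should cover all four; record it once in manual_analysis.csv so the comment column stops reading as "not yet looked at" for a block of identical rows.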

0 comments on commit d3630bd