What happened:
grype was not able to find a known CVE about libpcap-1.10.4-r1
What you expected to happen:
grype should find known CVE against a vulnerable version (1.10.4-r1)
Steps to reproduce the issue:
Create a simple Dockerfile:
FROM alpine:3.19
RUN apk update && apk add libpcap
docker build -t test/libpcap .
grype test/libpcap
-> No vulnerabilities found
Anything else we need to know?:
Debug:
syft scan tests/libpcap -o cycloneDX-json | jq --indent 4 | grep libpcap:libpcap
Gives us:
"cpe": "cpe:2.3:a:libpcap:libpcap:1.10.4-r1:*:*:*:*:*:*:*"
The CPE string is incorrect. The vendor should be ‘tcpdump’ not ‘libpcap’
grype "cpe:2.3:a:libpcap:libpcap:1.10.4-r1:*:*:*:*:*:*:*"
-> No vulnerabilities found
Meanwhile, if I execute:
grype "cpe:2.3:a:tcpdump:libpcap:1.10.4-r1:*:*:*:*:*:*:*"
NAME INSTALLED FIXED IN VULNERABILITY SEVERITY EPSS RISK
libpcap 1.10.4-r1 1.10.5 CVE-2024-8006 Medium < 0.1% (2nd) < 0.1
libpcap 1.10.4-r1 1.10.5 CVE-2023-7256 Medium < 0.1% (2nd) < 0.1
libpcap 1.10.4-r1 1.10.6 CVE-2025-11961 Low < 0.1% (4th) < 0.1
libpcap 1.10.4-r1 1.10.6 CVE-2025-11964 Low < 0.1% (4th) < 0.1
Check that 'libpcap:libpcap' is a bug:
grype "cpe:2.3:a:*:libpcap:1.10.4-r1:*:*:*:*:*:*:*"
NAME INSTALLED FIXED IN VULNERABILITY SEVERITY EPSS RISK
libpcap 1.10.4-r1 1.10.5 CVE-2024-8006 Medium < 0.1% (2nd) < 0.1
libpcap 1.10.4-r1 1.10.5 CVE-2023-7256 Medium < 0.1% (2nd) < 0.1
libpcap 1.10.4-r1 1.10.6 CVE-2025-11961 Low < 0.1% (4th) < 0.1
libpcap 1.10.4-r1 1.10.6 CVE-2025-11964 Low < 0.1% (4th) < 0.1
Environment:
- Output of syft version:
Application: syft
Version: 1.42.3
BuildDate: 2026-03-19T16:44:55Z
GitCommit: Homebrew
GitDescription: [not provided]
Platform: darwin/arm64
GoVersion: go1.26.1
Compiler: gc
SchemaVersion: 16.1.3
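
Added example, not part of the original report and not code from grype or syft: a minimal Python model of vendor/product CPE matching that shows why the three queries in the report behave differently. The advisory table is constructed from the grype output quoted in the report, and the matching rules (exact vendor/product comparison, `*` as wildcard, Alpine `-rN` revision ignored) are simplifying assumptions.

```python
import re

# Constructed from the grype output in the report: (vendor, product, CVE, fixed-in).
ADVISORIES = [
    ("tcpdump", "libpcap", "CVE-2024-8006", "1.10.5"),
    ("tcpdump", "libpcap", "CVE-2023-7256", "1.10.5"),
    ("tcpdump", "libpcap", "CVE-2025-11961", "1.10.6"),
    ("tcpdump", "libpcap", "CVE-2025-11964", "1.10.6"),
]
KEYS = ("part", "vendor", "product", "version", "update", "edition",
        "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 attributes, keeping escaped colons."""
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(KEYS, parts[2:]))

def version_key(version):
    """Numeric sort key for '1.10.4-r1'; the '-rN' package revision is ignored (assumption)."""
    return tuple(int(n) for n in version.split("-")[0].split("."))

def attr_matches(query, recorded):
    """'*' on the query side matches any recorded value; otherwise compare case-insensitively."""
    return query == "*" or query.lower() == recorded.lower()

def lookup(cpe):
    """Return the CVE ids whose vendor and product match and whose fix is newer than the CPE version."""
    c = parse_cpe23(cpe)
    return [cve for vendor, product, cve, fixed in ADVISORIES
            if attr_matches(c["vendor"], vendor)
            and attr_matches(c["product"], product)
            and version_key(c["version"]) < version_key(fixed)]

if __name__ == "__main__":
    # The three vendor values tried in the report.
    for vendor in ("libpcap", "tcpdump", "*"):
        cpe = f"cpe:2.3:a:{vendor}:libpcap:1.10.4-r1:*:*:*:*:*:*:*"
        print(f"{vendor:8} -> {lookup(cpe) or 'No vulnerabilities found'}")
```
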