-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathgrype-new.json
More file actions
1 lines (1 loc) · 30.3 KB
/
grype-new.json
File metadata and controls
1 lines (1 loc) · 30.3 KB
1
{"matches":[{"vulnerability":{"id":"CVE-2025-12781","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-12781","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/python/cpython/commit/13360efd385d1a7d0659beba03787ea3d063ef9b","https://github.com/python/cpython/commit/1be80bec7960f5ccd059e75f3dfbd45fca302947","https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5","https://github.com/python/cpython/commit/e95e783dff443b68e8179fdb57737025bf02ba76","https://github.com/python/cpython/commit/fd17ee026fa9b67f6288cbafe374a3e479fe03a5","https://github.com/python/cpython/issues/125346","https://github.com/python/cpython/pull/141128","https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/"],"description":"When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\n\n\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\n\n\n\nThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.","cvss":[{"source":"nvd@nist.gov","type":"Primary","version":"3.1","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","metrics":{"baseScore":5.3,"exploitabilityScore":3.9,"impactScore":1.5},"vendorMetadata":{}},{"source":"cna@python.org","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":6.3},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-12781","epss":0.00018,"percentile":0.04067,"date":"2026-03-09"}],"fix":{"versions":[],"state":"unknown"},"advisories":[]},"relatedVulnerabilities":[],"matchDetails":[{"type":"cpe-match","matcher":"apk-matcher","searchedBy":{"namespace":"nvd:cpe","cpes":["cpe:2.3:a:python:python:3.12.12:*:*:*:*:*:*:*"],"package":{"name":"python-3.12","version":"3.12.12-r7"}},"found":{"vulnerabilityID":"CVE-2025-12781","versionConstraint":"< 3.15.0 (unknown)","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]}}],"artifact":{"id":"aba2ee1b4c47970f","name":"python-3.12","version":"3.12.12-r7","type":"apk","locations":[{"path":"/usr/lib/apk/db/installed","layerID":"sha256:21e39a5f26b56216c570ae54c50584f7916fad8b5cf0c6191355f157a0f44451","accessPath":"/usr/lib/apk/db/installed","annotations":{"evidence":"primary"}}],"language":"","licenses":["PSF-2.0"],"cpes":["cpe:2.3:a:python-software-foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python:3.12.12-r7:*:*:*:*:*:*:*"],"purl":"pkg:apk/chainguard/python-3.12@3.12.12-r7?arch=x86_64&distro=chainguard-20230214","upstreams":[{"name":"python-3.12"}],"metadataType":"ApkMetadata","metadata":{"files":[{"path":"/usr"},{"path":"/usr/bin"},{"path":"/usr/bin/pydoc3"},{"path":"/usr/bin/python"},{"path":"/usr/bin/python3"},{"path":"/usr/lib"},{"path":"/usr/lib/python3.12"},{"path":"/var"},{"path":"/var/lib"},{"path":"/var/lib/db"},{"path":"/var/lib/db/sbom"},{"path":"/var/lib/db/sbom/python-3.12-3.12.12-r7.spdx.json"}]}}},{"vulnerability":{"id":"CVE-2025-15366","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-15366","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45","https://github.com/python/cpython/issues/143921","https://github.com/python/cpython/pull/143922","https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/"],"description":"The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.","cvss":[{"source":"cna@python.org","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-15366","epss":0.00093,"percentile":0.25932,"date":"2026-03-09"}],"fix":{"versions":[],"state":"unknown"},"advisories":[]},"relatedVulnerabilities":[],"matchDetails":[{"type":"cpe-match","matcher":"apk-matcher","searchedBy":{"namespace":"nvd:cpe","cpes":["cpe:2.3:a:python:python:3.12.12:*:*:*:*:*:*:*"],"package":{"name":"python-3.12","version":"3.12.12-r7"}},"found":{"vulnerabilityID":"CVE-2025-15366","versionConstraint":"< 3.15.0a6 (unknown)","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]}}],"artifact":{"id":"aba2ee1b4c47970f","name":"python-3.12","version":"3.12.12-r7","type":"apk","locations":[{"path":"/usr/lib/apk/db/installed","layerID":"sha256:21e39a5f26b56216c570ae54c50584f7916fad8b5cf0c6191355f157a0f44451","accessPath":"/usr/lib/apk/db/installed","annotations":{"evidence":"primary"}}],"language":"","licenses":["PSF-2.0"],"cpes":["cpe:2.3:a:python-software-foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python:3.12.12-r7:*:*:*:*:*:*:*"],"purl":"pkg:apk/chainguard/python-3.12@3.12.12-r7?arch=x86_64&distro=chainguard-20230214","upstreams":[{"name":"python-3.12"}],"metadataType":"ApkMetadata","metadata":{"files":[{"path":"/usr"},{"path":"/usr/bin"},{"path":"/usr/bin/pydoc3"},{"path":"/usr/bin/python"},{"path":"/usr/bin/python3"},{"path":"/usr/lib"},{"path":"/usr/lib/python3.12"},{"path":"/var"},{"path":"/var/lib"},{"path":"/var/lib/db"},{"path":"/var/lib/db/sbom"},{"path":"/var/lib/db/sbom/python-3.12-3.12.12-r7.spdx.json"}]}}},{"vulnerability":{"id":"CVE-2025-15367","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2025-15367","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7","https://github.com/python/cpython/issues/143923","https://github.com/python/cpython/pull/143924","https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/"],"description":"The poplib module, when passed a user-controlled command, can have\nadditional commands injected using newlines. Mitigation rejects commands\ncontaining control characters.","cvss":[{"source":"cna@python.org","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":5.9},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2025-15367","epss":0.00093,"percentile":0.25932,"date":"2026-03-09"}],"fix":{"versions":[],"state":"unknown"},"advisories":[]},"relatedVulnerabilities":[],"matchDetails":[{"type":"cpe-match","matcher":"apk-matcher","searchedBy":{"namespace":"nvd:cpe","cpes":["cpe:2.3:a:python:python:3.12.12:*:*:*:*:*:*:*"],"package":{"name":"python-3.12","version":"3.12.12-r7"}},"found":{"vulnerabilityID":"CVE-2025-15367","versionConstraint":"< 3.15.0a6 (unknown)","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]}}],"artifact":{"id":"aba2ee1b4c47970f","name":"python-3.12","version":"3.12.12-r7","type":"apk","locations":[{"path":"/usr/lib/apk/db/installed","layerID":"sha256:21e39a5f26b56216c570ae54c50584f7916fad8b5cf0c6191355f157a0f44451","accessPath":"/usr/lib/apk/db/installed","annotations":{"evidence":"primary"}}],"language":"","licenses":["PSF-2.0"],"cpes":["cpe:2.3:a:python-software-foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python:3.12.12-r7:*:*:*:*:*:*:*"],"purl":"pkg:apk/chainguard/python-3.12@3.12.12-r7?arch=x86_64&distro=chainguard-20230214","upstreams":[{"name":"python-3.12"}],"metadataType":"ApkMetadata","metadata":{"files":[{"path":"/usr"},{"path":"/usr/bin"},{"path":"/usr/bin/pydoc3"},{"path":"/usr/bin/python"},{"path":"/usr/bin/python3"},{"path":"/usr/lib"},{"path":"/usr/lib/python3.12"},{"path":"/var"},{"path":"/var/lib"},{"path":"/var/lib/db"},{"path":"/var/lib/db/sbom"},{"path":"/var/lib/db/sbom/python-3.12-3.12.12-r7.spdx.json"}]}}},{"vulnerability":{"id":"CVE-2026-2297","dataSource":"https://nvd.nist.gov/vuln/detail/CVE-2026-2297","namespace":"nvd:cpe","severity":"Medium","urls":["https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e","https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e","https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86","https://github.com/python/cpython/issues/145506","https://github.com/python/cpython/pull/145507","http://www.openwall.com/lists/oss-security/2026/03/05/6"],"description":"The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.","cvss":[{"source":"cna@python.org","type":"Secondary","version":"4.0","vector":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","metrics":{"baseScore":5.7},"vendorMetadata":{}}],"epss":[{"cve":"CVE-2026-2297","epss":0.00014,"percentile":0.02398,"date":"2026-03-09"}],"fix":{"versions":[],"state":"unknown"},"advisories":[]},"relatedVulnerabilities":[],"matchDetails":[{"type":"cpe-match","matcher":"apk-matcher","searchedBy":{"namespace":"nvd:cpe","cpes":["cpe:2.3:a:python:python:3.12.12:*:*:*:*:*:*:*"],"package":{"name":"python-3.12","version":"3.12.12-r7"}},"found":{"vulnerabilityID":"CVE-2026-2297","versionConstraint":"< 3.15.0 (unknown)","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]}}],"artifact":{"id":"aba2ee1b4c47970f","name":"python-3.12","version":"3.12.12-r7","type":"apk","locations":[{"path":"/usr/lib/apk/db/installed","layerID":"sha256:21e39a5f26b56216c570ae54c50584f7916fad8b5cf0c6191355f157a0f44451","accessPath":"/usr/lib/apk/db/installed","annotations":{"evidence":"primary"}}],"language":"","licenses":["PSF-2.0"],"cpes":["cpe:2.3:a:python-software-foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software-foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software_foundation:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_software:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python-3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python-3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python_3.12:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python_3.12:python:3.12.12-r7:*:*:*:*:*:*:*","cpe:2.3:a:python:python:3.12.12-r7:*:*:*:*:*:*:*"],"purl":"pkg:apk/chainguard/python-3.12@3.12.12-r7?arch=x86_64&distro=chainguard-20230214","upstreams":[{"name":"python-3.12"}],"metadataType":"ApkMetadata","metadata":{"files":[{"path":"/usr"},{"path":"/usr/bin"},{"path":"/usr/bin/pydoc3"},{"path":"/usr/bin/python"},{"path":"/usr/bin/python3"},{"path":"/usr/lib"},{"path":"/usr/lib/python3.12"},{"path":"/var"},{"path":"/var/lib"},{"path":"/var/lib/db"},{"path":"/var/lib/db/sbom"},{"path":"/var/lib/db/sbom/python-3.12-3.12.12-r7.spdx.json"}]}}}],"source":{"type":"image","target":{"userInput":"cgr.dev/cgr-demo.com/python:3.12.12","imageID":"sha256:ebac0b192ca653240b727e756a775976c69e8e1f0ffaaa128230521516b583a8","manifestDigest":"sha256:b27c213418c7404a505aa936d013456ead9efbb4e491c46ec5f839d185b94725","mediaType":"application/vnd.docker.distribution.manifest.v2+json","tags":["cgr.dev/cgr-demo.com/python:3.12.12"],"imageSize":62376727,"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:afe207348069547b57836fd0bb7c10e81b7bbeb61129242244f931d2943c4027","size":35481088},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a80c931912f720d92ecc3b4d4bb757b5604caddb3a69914463a7f41e257ccbf5","size":7179533},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:4e545b58f49f8aa9be9bc077d4c09e7ea1cf8801a5944c2e511b37846fac2be9","size":6936488},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:285b45cb1e823344ff86786fa4c11faf3e4cbe8b5897bd141bf0b8b0fe6fdb21","size":3476825},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:19f21f8d692721b4e20ae574a4a8dd792a088481e8672e2c569f577d3b153fda","size":1808226},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:c16afc2f3c19a4d0e63dd713ab9416677a1fc5a95cbb705f74b7356123a1e6b4","size":1637398},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:e5774f41f4fda3780603505e4a88c715cef96f4910427c8e213e12e2cfe119c7","size":1649263},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:54e29b179d3ef50b56c7733174e705171fc44a5738f42316d39d94a7ca6fb774","size":1067458},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:d2ebc8d523d282e40a080f383ac66eac345dd549e752e5f5a52c4ca47670909d","size":934683},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:da673f40ad2dadbc4ec6165d65bd52955a478559dfb7ae89b2f08789810c0bda","size":2074267},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:21e39a5f26b56216c570ae54c50584f7916fad8b5cf0c6191355f157a0f44451","size":131498}],"manifest":"eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoyOTQ5LCJkaWdlc3QiOiJzaGEyNTY6ZWJhYzBiMTkyY2E2NTMyNDBiNzI3ZTc1NmE3NzU5NzZjNjllOGUxZjBmZmFhYTEyODIzMDUyMTUxNmI1ODNhOCJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNjU1NDc1MiwiZGlnZXN0Ijoic2hhMjU2OmFmZTIwNzM0ODA2OTU0N2I1NzgzNmZkMGJiN2MxMGU4MWI3YmJlYjYxMTI5MjQyMjQ0ZjkzMWQyOTQzYzQwMjcifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjo3MTkwNTI4LCJkaWdlc3QiOiJzaGEyNTY6YTgwYzkzMTkxMmY3MjBkOTJlY2MzYjRkNGJiNzU3YjU2MDRjYWRkYjNhNjk5MTQ0NjNhN2Y0MWUyNTdjY2JmNSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjY5Nzk1ODQsImRpZ2VzdCI6InNoYTI1Njo0ZTU0NWI1OGY0OWY4YWE5YmU5YmMwNzdkNGMwOWU3ZWExY2Y4ODAxYTU5NDRjMmU1MTFiMzc4NDZmYWMyYmU5In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzQ4NzIzMiwiZGlnZXN0Ijoic2hhMjU2OjI4NWI0NWNiMWU4MjMzNDRmZjg2Nzg2ZmE0YzExZmFmM2U0Y2JlOGI1ODk3YmQxNDFiZjBiOGIwZmU2ZmRiMjEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxODE2MDY0LCJkaWdlc3QiOiJzaGEyNTY6MTlmMjFmOGQ2OTI3MjFiNGUyMGFlNTc0YTRhOGRkNzkyYTA4ODQ4MWU4NjcyZTJjNTY5ZjU3N2QzYjE1M2ZkYSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjE4OTQ0MDAsImRpZ2VzdCI6InNoYTI1NjpjMTZhZmMyZjNjMTlhNGQwZTYzZGQ3MTNhYjk0MTY2NzdhMWZjNWE5NWNiYjcwNWY3NGI3MzU2MTIzYTFlNmI0In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTY1ODM2OCwiZGlnZXN0Ijoic2hhMjU2OmU1Nzc0ZjQxZjRmZGEzNzgwNjAzNTA1ZTRhODhjNzE1Y2VmOTZmNDkxMDQyN2M4ZTIxM2UxMmUyY2ZlMTE5YzcifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoxMTM3NjY0LCJkaWdlc3QiOiJzaGEyNTY6NTRlMjliMTc5ZDNlZjUwYjU2Yzc3MzMxNzRlNzA1MTcxZmM0NGE1NzM4ZjQyMzE2ZDM5ZDk0YTdjYTZmYjc3NCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjk0NzIwMCwiZGlnZXN0Ijoic2hhMjU2OmQyZWJjOGQ1MjNkMjgyZTQwYTA4MGYzODNhYzY2ZWFjMzQ1ZGQ1NDllNzUyZTVmNWE1MmM0Y2E0NzY3MDkwOWQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMTcwMzY4LCJkaWdlc3QiOiJzaGEyNTY6ZGE2NzNmNDBhZDJkYWRiYzRlYzYxNjVkNjViZDUyOTU1YTQ3ODU1OWRmYjdhZTg5YjJmMDg3ODk4MTBjMGJkYSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1OTA3MiwiZGlnZXN0Ijoic2hhMjU2OjIxZTM5YTVmMjZiNTYyMTZjNTcwYWU1NGM1MDU4NGY3OTE2ZmFkOGI1Y2YwYzYxOTEzNTVmMTU3YTBmNDQ0NTEifV19","config":"eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImF1dGhvciI6ImdpdGh1Yi5jb20vY2hhaW5ndWFyZC1kZXYvYXBrbyIsImNyZWF0ZWQiOiIyMDI2LTAzLTA2VDAyOjExOjM0WiIsImhpc3RvcnkiOlt7ImF1dGhvciI6ImFwa28iLCJjcmVhdGVkIjoiMjAyNi0wMy0wNlQwMjoxMTozNFoiLCJjcmVhdGVkX2J5IjoiYXBrbyIsImNvbW1lbnQiOiJweXRob24gYnkgQ2hhaW5ndWFyZCJ9LHsiYXV0aG9yIjoiYXBrbyIsImNyZWF0ZWQiOiIyMDI2LTAzLTA2VDAyOjExOjM0WiIsImNyZWF0ZWRfYnkiOiJhcGtvIiwiY29tbWVudCI6InB5dGhvbiBieSBDaGFpbmd1YXJkIn0seyJhdXRob3IiOiJhcGtvIiwiY3JlYXRlZCI6IjIwMjYtMDMtMDZUMDI6MTE6MzRaIiwiY3JlYXRlZF9ieSI6ImFwa28iLCJjb21tZW50IjoicHl0aG9uIGJ5IENoYWluZ3VhcmQifSx7ImF1dGhvciI6ImFwa28iLCJjcmVhdGVkIjoiMjAyNi0wMy0wNlQwMjoxMTozNFoiLCJjcmVhdGVkX2J5IjoiYXBrbyIsImNvbW1lbnQiOiJweXRob24gYnkgQ2hhaW5ndWFyZCJ9LHsiYXV0aG9yIjoiYXBrbyIsImNyZWF0ZWQiOiIyMDI2LTAzLTA2VDAyOjExOjM0WiIsImNyZWF0ZWRfYnkiOiJhcGtvIiwiY29tbWVudCI6InB5dGhvbiBieSBDaGFpbmd1YXJkIn0seyJhdXRob3IiOiJhcGtvIiwiY3JlYXRlZCI6IjIwMjYtMDMtMDZUMDI6MTE6MzRaIiwiY3JlYXRlZF9ieSI6ImFwa28iLCJjb21tZW50IjoicHl0aG9uIGJ5IENoYWluZ3VhcmQifSx7ImF1dGhvciI6ImFwa28iLCJjcmVhdGVkIjoiMjAyNi0wMy0wNlQwMjoxMTozNFoiLCJjcmVhdGVkX2J5IjoiYXBrbyIsImNvbW1lbnQiOiJweXRob24gYnkgQ2hhaW5ndWFyZCJ9LHsiYXV0aG9yIjoiYXBrbyIsImNyZWF0ZWQiOiIyMDI2LTAzLTA2VDAyOjExOjM0WiIsImNyZWF0ZWRfYnkiOiJhcGtvIiwiY29tbWVudCI6InB5dGhvbiBieSBDaGFpbmd1YXJkIn0seyJhdXRob3IiOiJhcGtvIiwiY3JlYXRlZCI6IjIwMjYtMDMtMDZUMDI6MTE6MzRaIiwiY3JlYXRlZF9ieSI6ImFwa28iLCJjb21tZW50IjoicHl0aG9uIGJ5IENoYWluZ3VhcmQifSx7ImF1dGhvciI6ImFwa28iLCJjcmVhdGVkIjoiMjAyNi0wMy0wNlQwMjoxMTozNFoiLCJjcmVhdGVkX2J5IjoiYXBrbyIsImNvbW1lbnQiOiJweXRob24gYnkgQ2hhaW5ndWFyZCJ9LHsiYXV0aG9yIjoiYXBrbyIsImNyZWF0ZWQiOiIyMDI2LTAzLTA2VDAyOjExOjM0WiIsImNyZWF0ZWRfYnkiOiJhcGtvIiwiY29tbWVudCI6InB5dGhvbiBieSBDaGFpbmd1YXJkIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6YWZlMjA3MzQ4MDY5NTQ3YjU3ODM2ZmQwYmI3YzEwZTgxYjdiYmViNjExMjkyNDIyNDRmOTMxZDI5NDNjNDAyNyIsInNoYTI1NjphODBjOTMxOTEyZjcyMGQ5MmVjYzNiNGQ0YmI3NTdiNTYwNGNhZGRiM2E2OTkxNDQ2M2E3ZjQxZTI1N2NjYmY1Iiwic2hhMjU2OjRlNTQ1YjU4ZjQ5ZjhhYTliZTliYzA3N2Q0YzA5ZTdlYTFjZjg4MDFhNTk0NGMyZTUxMWIzNzg0NmZhYzJiZTkiLCJzaGEyNTY6Mjg1YjQ1Y2IxZTgyMzM0NGZmODY3ODZmYTRjMTFmYWYzZTRjYmU4YjU4OTdiZDE0MWJmMGI4YjBmZTZmZGIyMSIsInNoYTI1NjoxOWYyMWY4ZDY5MjcyMWI0ZTIwYWU1NzRhNGE4ZGQ3OTJhMDg4NDgxZTg2NzJlMmM1NjlmNTc3ZDNiMTUzZmRhIiwic2hhMjU2OmMxNmFmYzJmM2MxOWE0ZDBlNjNkZDcxM2FiOTQxNjY3N2ExZmM1YTk1Y2JiNzA1Zjc0YjczNTYxMjNhMWU2YjQiLCJzaGEyNTY6ZTU3NzRmNDFmNGZkYTM3ODA2MDM1MDVlNGE4OGM3MTVjZWY5NmY0OTEwNDI3YzhlMjEzZTEyZTJjZmUxMTljNyIsInNoYTI1Njo1NGUyOWIxNzlkM2VmNTBiNTZjNzczMzE3NGU3MDUxNzFmYzQ0YTU3MzhmNDIzMTZkMzlkOTRhN2NhNmZiNzc0Iiwic2hhMjU2OmQyZWJjOGQ1MjNkMjgyZTQwYTA4MGYzODNhYzY2ZWFjMzQ1ZGQ1NDllNzUyZTVmNWE1MmM0Y2E0NzY3MDkwOWQiLCJzaGEyNTY6ZGE2NzNmNDBhZDJkYWRiYzRlYzYxNjVkNjViZDUyOTU1YTQ3ODU1OWRmYjdhZTg5YjJmMDg3ODk4MTBjMGJkYSIsInNoYTI1NjoyMWUzOWE1ZjI2YjU2MjE2YzU3MGFlNTRjNTA1ODRmNzkxNmZhZDhiNWNmMGM2MTkxMzU1ZjE1N2EwZjQ0NDUxIl19LCJjb25maWciOnsiRW50cnlwb2ludCI6WyIvdXNyL2Jpbi9weXRob24iXSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3IvYmluOi91c3Ivc2Jpbjovc2JpbjovYmluIiwiU1NMX0NFUlRfRklMRT0vZXRjL3NzbC9jZXJ0cy9jYS1jZXJ0aWZpY2F0ZXMuY3J0Il0sIkxhYmVscyI6eyJkZXYuY2hhaW5ndWFyZC5pbWFnZS50aXRsZSI6InB5dGhvbiIsImRldi5jaGFpbmd1YXJkLnBhY2thZ2UubWFpbiI6InB5dGhvbi0zLjEyIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLmF1dGhvcnMiOiJDaGFpbmd1YXJkIFRlYW0gaHR0cHM6Ly93d3cuY2hhaW5ndWFyZC5kZXYvIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLmJhc2UuZGlnZXN0Ijoic2hhMjU2OmUxZWZiYzMxZTM1YjcxMWFlMWZhYzQ3MWE1YWYzNDFkN2FmYmYzN2U4ODllZmM0MWE1Y2FmZjUxM2QxZmRjMjYiLCJvcmcub3BlbmNvbnRhaW5lcnMuaW1hZ2UuY3JlYXRlZCI6IjIwMjYtMDMtMDZUMDI6MTE6MzRaIiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnNvdXJjZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9jaGFpbmd1YXJkLWltYWdlcy9pbWFnZXMtcHJpdmF0ZS90cmVlL21haW4vaW1hZ2VzL3B5dGhvbiIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS50aXRsZSI6InB5dGhvbiIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS51cmwiOiJodHRwczovL2ltYWdlcy5jaGFpbmd1YXJkLmRldi9kaXJlY3RvcnkvaW1hZ2UvcHl0aG9uL292ZXJ2aWV3Iiwib3JnLm9wZW5jb250YWluZXJzLmltYWdlLnZlbmRvciI6IkNoYWluZ3VhcmQifSwiVXNlciI6IjY1NTMyIn19","repoDigests":["cgr.dev/cgr-demo.com/python@sha256:cc136371ef0348791e44b1803b1a50e3415d6aa08c37b575a829ab0481d7f944"],"architecture":"amd64","os":"linux","labels":{"dev.chainguard.image.title":"python","dev.chainguard.package.main":"python-3.12","org.opencontainers.image.authors":"Chainguard Team https://www.chainguard.dev/","org.opencontainers.image.base.digest":"sha256:e1efbc31e35b711ae1fac471a5af341d7afbf37e889efc41a5caff513d1fdc26","org.opencontainers.image.created":"2026-03-06T02:11:34Z","org.opencontainers.image.source":"https://github.com/chainguard-images/images-private/tree/main/images/python","org.opencontainers.image.title":"python","org.opencontainers.image.url":"https://images.chainguard.dev/directory/image/python/overview","org.opencontainers.image.vendor":"Chainguard"}}},"distro":{"name":"chainguard","version":"20230214","idLike":[]},"descriptor":{"name":"grype","version":"0.91.2","configuration":{"output":["json"],"file":"","pretty":false,"distro":"","add-cpes-if-none":false,"output-template-file":"","check-for-app-update":true,"only-fixed":false,"only-notfixed":false,"ignore-wontfix":"","platform":"","search":{"scope":"squashed","unindexed-archives":false,"indexed-archives":true},"ignore":[{"vulnerability":"","reason":"","namespace":"","fix-state":"","package":{"name":"kernel-headers","version":"","language":"","type":"rpm","location":"","upstream-name":"kernel"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"},{"vulnerability":"","reason":"","namespace":"","fix-state":"","package":{"name":"linux(-.*)?-headers-.*","version":"","language":"","type":"deb","location":"","upstream-name":"linux.*"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"},{"vulnerability":"","reason":"","namespace":"","fix-state":"","package":{"name":"linux-libc-dev","version":"","language":"","type":"deb","location":"","upstream-name":"linux"},"vex-status":"","vex-justification":"","match-type":"exact-indirect-match"}],"exclude":[],"externalSources":{"enable":false,"maven":{"searchUpstreamBySha1":true,"baseUrl":"https://search.maven.org/solrsearch/select","rateLimit":300000000}},"match":{"java":{"using-cpes":false},"jvm":{"using-cpes":true},"dotnet":{"using-cpes":false},"golang":{"using-cpes":false,"always-use-cpe-for-stdlib":true,"allow-main-module-pseudo-version-comparison":false},"javascript":{"using-cpes":false},"python":{"using-cpes":false},"ruby":{"using-cpes":false},"rust":{"using-cpes":false},"stock":{"using-cpes":true}},"fail-on-severity":"","registry":{"insecure-skip-tls-verify":false,"insecure-use-http":false,"auth":null,"ca-cert":""},"show-suppressed":false,"by-cve":false,"name":"","default-image-pull-source":"","vex-documents":[],"vex-add":[],"match-upstream-kernel-headers":false,"db":{"cache-dir":"/home/runner/.cache/grype/db","update-url":"https://grype.anchore.io/databases","ca-cert":"","auto-update":true,"validate-by-hash-on-start":true,"validate-age":true,"max-allowed-built-age":432000000000000,"require-update-check":false,"update-available-timeout":30000000000,"update-download-timeout":300000000000,"max-update-check-frequency":7200000000000},"exp":{},"dev":{"db":{"debug":false}}},"db":{"status":{"schemaVersion":"v6.1.4","from":"https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28","built":"2026-03-10T06:26:23Z","path":"/home/runner/.cache/grype/db/6/vulnerability.db","valid":true},"providers":{"alma":{"captured":"2026-03-10T00:28:42Z","input":"xxh64:914c7d889a9ad6e4"},"alpine":{"captured":"2026-03-10T00:29:23Z","input":"xxh64:25eafb15ac8f0457"},"amazon":{"captured":"2026-03-10T00:28:51Z","input":"xxh64:f1524ad7fca6ccc5"},"arch":{"captured":"2026-03-10T00:29:32Z","input":"xxh64:4eed2069a473253d"},"bitnami":{"captured":"2026-03-10T00:28:46Z","input":"xxh64:22340b5dbac27b45"},"chainguard":{"captured":"2026-03-10T00:30:34Z","input":"xxh64:fd3509f725533511"},"chainguard-libraries":{"captured":"2026-03-10T00:29:01Z","input":"xxh64:085997f0850e7672"},"debian":{"captured":"2026-03-10T00:28:59Z","input":"xxh64:90f9c10c3453be35"},"echo":{"captured":"2026-03-10T00:29:32Z","input":"xxh64:9e17e49e2ae0d768"},"eol":{"captured":"2026-03-10T00:28:41Z","input":"xxh64:6b1487e45bfe23c2"},"epss":{"captured":"2026-03-10T00:29:08Z","input":"xxh64:c400799398adc6a9"},"fedora":{"captured":"2026-03-10T00:28:37Z","input":"xxh64:64cf8da43d1c7dba"},"github":{"captured":"2026-03-10T00:28:48Z","input":"xxh64:e65095049bbbdc06"},"kev":{"captured":"2026-03-10T00:28:50Z","input":"xxh64:ab4d9286aeedd36c"},"mariner":{"captured":"2026-03-10T00:28:56Z","input":"xxh64:8bddd8a5fb75e7bf"},"minimos":{"captured":"2026-03-10T00:29:46Z","input":"xxh64:f3d667690d5145b4"},"nvd":{"captured":"2026-03-10T00:28:28Z","input":"xxh64:ea89de7a4cda0c74"},"oracle":{"captured":"2026-03-10T00:28:43Z","input":"xxh64:226d35a2f709e58f"},"photon":{"captured":"2026-03-10T00:28:54Z","input":"xxh64:8da4574a8cf30ab1"},"rhel":{"captured":"2026-03-10T00:28:54Z","input":"xxh64:1fd0425e2eb8271a"},"secureos":{"captured":"2026-03-10T00:28:49Z","input":"xxh64:6e743e35d2d2d3ad"},"sles":{"captured":"2026-03-10T00:28:10Z","input":"xxh64:d14c4d9c3ab004ea"},"ubuntu":{"captured":"2026-03-10T00:29:57Z","input":"xxh64:38b59255718311cd"},"wolfi":{"captured":"2026-03-10T00:28:45Z","input":"xxh64:b5f026d68146042e"}}},"timestamp":"2026-03-10T18:14:59.251999409Z"}}