
missing CVE data

Open mcandre opened this issue 3 weeks ago • 2 comments

Docker Scout treats images vulnerable to CVE-2025-11579 as having a clean bill of health with no CVEs.

Whereas Snyk Container identifies this, and other CVEs in the Snyk Vulnerability Database.

https://www.cve.org/CVERecord?id=CVE-2025-11579

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNWAPLESRARDECODEV2-13537508

Can we please sync more data between the Docker Scout and Snyk databases? As a developer, it's confusing to see mutually exclusive security reports. Very, very, very often, Docker Scout and Snyk report completely different sets of CVEs.

mcandre, Oct 29 '25 20:10