calico.advisories.yaml

schema-version: 2.0.2

package:
  name: calico

advisories:
  - id: CVE-2019-11255
    aliases:
      - GHSA-f4w6-3rh6-6q4q
    events:
      - timestamp: 2023-08-11T21:07:34Z
        type: false-positive-determination
        data:
          type: component-vulnerability-mismatch
          note: Vulnerable code is part of external-csi-driver and not included in calico

  - id: CVE-2020-8552
    aliases:
      - GHSA-82hx-w2r5-c2wq
    events:
      - timestamp: 2023-09-19T16:40:39Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Go vulndb has marked this code NOT_IMPORTABLE.

  - id: CVE-2023-2727
    aliases:
      - GHSA-qc2g-gmh6-95p4
    events:
      - timestamp: 2023-07-06T19:08:57Z
        type: fixed
        data:
          fixed-version: 3.26.1-r5

  - id: CVE-2023-32731
    aliases:
      - GHSA-cfgp-2977-2fmm
    events:
      - timestamp: 2023-07-06T19:08:10Z
        type: fixed
        data:
          fixed-version: 3.26.1-r5

  - id: CVE-2023-3955
    aliases:
      - GHSA-q78c-gwqw-jcmc
    events:
      - timestamp: 2023-11-02T14:08:02Z
        type: fixed
        data:
          fixed-version: 3.26.3-r5

  - id: CVE-2023-44487
    aliases:
      - GHSA-m425-mq94-257g
      - GHSA-qppj-fm5r-hxr3
    events:
      - timestamp: 2023-10-30T10:57:46Z
        type: fixed
        data:
          fixed-version: 3.26.3-r4

  - id: CVE-2023-45142
    aliases:
      - GHSA-rcjv-mgp8-qvmr
    events:
      - timestamp: 2023-10-30T12:36:29Z
        type: fixed
        data:
          fixed-version: 3.26.3-r4

  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:23:51Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:23:53Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2023-12-19T10:31:08Z
        type: fixed
        data:
          fixed-version: 3.27.0-r0

  - id: CVE-2023-5528
    aliases:
      - GHSA-hq6q-c2x6-hmch
    events:
      - timestamp: 2023-11-22T09:29:22Z
        type: fixed
        data:
          fixed-version: 3.26.4-r1