Previous incidents

We are investigating multiple duplicate SBOM detections for the glibc package in unrelated binaries which lead to false positive detections for recent glibc CVEs such as CVE-2025-15281

We identified a typographical issue in our feeds that caused scanners to report false positives for CVE-2025-59466 in images containing NodeJS 22.

An incorrectly formatted “fixed” version was published, leading scanners to conclude that the CVE had not been addressed in the latest release, 22.22.0-r0.

The issue has now been corrected in our feeds. Downstream scanners will need to ingest the updated data and refresh their databases. Since most scanners rebuild their databases daily, we expec...