# Accepted CVEs for Sourcegraph 5.1.1

| CVE ID | Affected Images | CVE Severity | CVSS Base Score | [Sourcegraph Assessment](../../../engineering/dev/policies/vulnerability-management-policy.md#severity-levels) | CVSS Environmental Score | Details |
| ------ | --------------- | ------------ | --------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------ | ------- |
|        |                 |              |                 |                                                                                                                |                          |         |

**No known CVEs in Sourcegraph 5.1.1**

## Known False Positives

Some scanners incorrectly identify false positives in our images:

| Vulnerability ID                                                                                                                                                                                                                                                           | Affected Images                                                      | Note                                                                                     |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| [CVE-2023-27561](https://www.cve.org/CVERecord?id=CVE-2023-27561)                                                                                                                                                                                                          | sourcegraph/cadvisor                                                 | False positive - this is patched in `github.com/opencontainers/runc/libcontainer@v1.1.5` |
| [CVE-2022-0543](https://www.cve.org/CVERecord?id=CVE-2022-0543), [CVE-2022-3734](https://www.cve.org/CVERecord?id=CVE-2022-3734)                                                                                                                                           | sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server | False positive - these vulnerabilities are specific to Windows and Debian releases       |
| [CVE-2022-31107](https://www.cve.org/CVERecord?id=CVE-2022-31107), [CVE-2022-31123](https://www.cve.org/CVERecord?id=CVE-2022-31123), [CVE-2022-31130](https://www.cve.org/CVERecord?id=CVE-2022-31130), [CVE-2022-39201](https://www.cve.org/CVERecord?id=CVE-2022-39201) | sourcegraph/grafana, sourcegraph/server                              | False positive - these vulnerabilities have been patched by Chainguard                   |


<section class="h0Wrapper headingWrapper"><section class="h1Wrapper headingWrapper"><h1 id="accepted-cves-for-sourcegraph-511"><a class="anchor" aria-hidden tabindex="-1" href="#accepted-cves-for-sourcegraph-511"><span class="icon icon-link"></span></a>Accepted CVEs for Sourcegraph 5.1.1</h1>























<div class="table-responsive"><table><thead><tr><th>CVE ID</th><th>Affected Images</th><th>CVE Severity</th><th>CVSS Base Score</th><th><a href="../../../../engineering/dev/policies/vulnerability-management-policy#severity-levels">Sourcegraph Assessment</a></th><th>CVSS Environmental Score</th><th>Details</th></tr></thead><tbody><tr><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr></tbody></table></div>
<p><strong>No known CVEs in Sourcegraph 5.1.1</strong></p>
<section class="h2Wrapper headingWrapper"><h2 id="known-false-positives"><a class="anchor" aria-hidden tabindex="-1" href="#known-false-positives"><span class="icon icon-link"></span></a>Known False Positives</h2>
<p>Some scanners incorrectly identify false positives in our images:</p>

























<div class="table-responsive"><table><thead><tr><th>Vulnerability ID</th><th>Affected Images</th><th>Note</th></tr></thead><tbody><tr><td><a href="https://www.cve.org/CVERecord?id=CVE-2023-27561">CVE-2023-27561</a></td><td>sourcegraph/cadvisor</td><td>False positive - this is patched in <code>github.com/opencontainers/runc/libcontainer@v1.1.5</code></td></tr><tr><td><a href="https://www.cve.org/CVERecord?id=CVE-2022-0543">CVE-2022-0543</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2022-3734">CVE-2022-3734</a></td><td>sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server</td><td>False positive - these vulnerabilities are specific to Windows and Debian releases</td></tr><tr><td><a href="https://www.cve.org/CVERecord?id=CVE-2022-31107">CVE-2022-31107</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2022-31123">CVE-2022-31123</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2022-31130">CVE-2022-31130</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2022-39201">CVE-2022-39201</a></td><td>sourcegraph/grafana, sourcegraph/server</td><td>False positive - these vulnerabilities have been patched by Chainguard</td></tr></tbody></table></div></section></section></section>

Vulnerability ID	Affected Images	Note
CVE-2023-27561	sourcegraph/cadvisor	False positive - this is patched in `github.com/opencontainers/runc/libcontainer@v1.1.5`
CVE-2022-0543, CVE-2022-3734	sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server	False positive - these vulnerabilities are specific to Windows and Debian releases
CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201	sourcegraph/grafana, sourcegraph/server	False positive - these vulnerabilities have been patched by Chainguard