quoting-service/.grype.yaml at main · mojaloop/quoting-service · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
scan-type: source

ignore:
  - vulnerability: CVE-2025-9230
  - vulnerability: CVE-2025-9232
  - vulnerability: CVE-2025-9231
  - vulnerability: GHSA-9965-vmph-33xx
  - vulnerability: GHSA-vghf-hv5q-vc2g
  - vulnerability: GHSA-5j98-mcp5-4vw2
  - vulnerability: GHSA-r6q2-hw4h-h46w
  - vulnerability: GHSA-8qq5-rm4j-mr97
  - vulnerability: CVE-2025-60876
  - vulnerability: CVE-2026-22184
  - vulnerability: CVE-2025-64718
  - vulnerability: GHSA-34x7-hfp2-rc4v
  - vulnerability: GHSA-37qj-frw5-hhjh
  - vulnerability: GHSA-p5wg-g6qr-c7cg
  - vulnerability: GHSA-3966-f6p6-2qr9
  - vulnerability: CVE-2025-15467
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (critical severity)"
  - vulnerability: CVE-2025-69420
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-59465
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-69421
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-69419
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2026-22796
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: GHSA-3ppc-4f35-3m26
    include-aliases: true
    reason: >-
      Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (high severity)
  - vulnerability: CVE-2025-66199
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2025-15468
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2026-21637
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-55131
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-59466
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (high severity)"
  - vulnerability: CVE-2025-55130
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (critical severity)"
  - vulnerability: GHSA-83g3-92jg-28cx
    include-aliases: true
    reason: >-
      Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (high severity)
  - vulnerability: CVE-2026-22795
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2025-68160
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2025-11187
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: GHSA-73rr-hh4g-fpgx
    include-aliases: true
    reason: >-
      Base image npm package: diff - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (low severity)
  - vulnerability: CVE-2025-55132
    include-aliases: true
    reason: "Node.js binary vulnerability: node - requires Node.js runtime update as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2026-27171
    include-aliases: true
    reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2025-15469
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: CVE-2025-69418
    include-aliases: true
    reason: "Alpine base image package (apk): libcrypto3 - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: GHSA-m7jm-9gc2-mpf2
    include-aliases: true
    reason: "Unfixable npm transitive vulnerability: fast-xml-parser (critical severity) as of 2026-02-23"
  - vulnerability: GHSA-jmr7-xgp7-cmfj
    include-aliases: true
    reason: "Unfixable npm transitive vulnerability: fast-xml-parser (high severity) as of 2026-02-23"
  - vulnerability: GHSA-2g4f-4pwh-qvx6
    include-aliases: true
    reason: "Unfixable npm transitive vulnerability: unknown (unknown severity) as of 2026-02-23"
output:
  - table
  - json
search:
  scope: squashed
quiet: false
check-for-app-update: false