Critical vulnerabilities with packages org.yaml/snakeyaml v1.33 and org.apache.sshd/sshd-common v2.8

Upon downloading the lts and latest docker images there are currently two critical vulnerabilities in both relating to the packages org.yaml/snakeyaml version 1.33 and org.apache.sshd/sshd-common version 2.8.0.

It looks as if this issue can be resolved by updating the packages to the following versions if possible:

org.yaml/snakeyaml → version 2.0
org.apache.sshd/sshd-common → version 2.9.2

The Docker Image Vulnerability Database can be referenced at the links below.

sonarqube:lts
sonarqube:latest

I also have an open GitHub issue here in the docker-sonarqube repo.

Hey there.

These will both be addressed in SonarQube 10.1 – as a matter of regularly updating dependencies, not because we’re aware of any exploitable security risk.
