^.*$ CVE-2018-1000840 ^.*$ CVE-2015-2808 ^.*$ CVE-2013-2566 ^.*$ CVE-2015-9097 ^javax\.servlet\.jsp:javax\.servlet\.jsp-api:.*$ CVE-2011-5035 ^javax\.validation:validation-api:.*$ CVE-2013-4499 ^mysql:mysql-connector-java:.*$ .* Jetty is currently only used for developer experimentations ^org\.eclipse\.jetty:.*$ cpe:/a:org.eclipse.jetty: ^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$ CVE-2017-14867 ^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$ CVE-2015-7545 ^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$ CVE-2015-7082 ^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$ CVE-2010-2542 ^org\.mariadb\.jdbc:mariadb-java-client:.*$ cpe:/a:mariadb:mariadb ^org\.springframework\.ldap:spring-ldap-core:.*$ CVE-2014-6232 ^org\.apache\.tomcat:tomcat-annotations-api:.*$ CVE-2017-6056 ^org\.apache\.tomcat:tomcat-annotations-api:.*$ CVE-2016-6325 ^org\.apache\.tomcat:tomcat-annotations-api:.*$ CVE-2016-5425 ^org\.eclipse\.jetty\..*$ cpe:/a:mortbay_jetty:jetty ^org\.postgresql:postgresql:.*$ CVE-2017-8806 ^org\.postgresql:postgresql:.*$ CVE-2017-14798 Does not affect the postgres client ^org\.postgresql:postgresql:.*$ CVE-2018-1115 Does not affect the postgres client ^org\.postgresql:postgresql:.*$ CVE-2016-7048 This is for nodejs ^org\.mariadb\.jdbc:mariadb-java-client:.*$ CVE-2017-16046 ^stax.*$ CVE-2017-16224 ^javax\.xml\.stream:stax.*$ CVE-2017-16224 .*slf4j.* CVE-2018-8088 .*spring.* CVE-2018-1258 This is for an unrelated C library ^com\.sun\.xml\.bind\.external:relaxng-datatype:.* CVE-2018-18749