Hi,

I’m finding the issues highlighted by DockerScout to be inaccurate in some scenarios.

For example, docker scout is saying that tomcat 8.5.90 has this issue:

But when you follow the link - you find that issue was fixed in tomcat 8.5.9.

I suspect that DockerScout has issues with reading version numbers that go into the double digits?

Or am I missing something here?

Paul

Your assumption could be right, unless somehow the same vulnerability came back. You could try to report the issue on hub-feedback