Docker Community Forums

Share and learn in the Docker community.

False positives by DTR scanning in Debian images

DTR scanning is reporting multiple CVEs for BerkeleyDB in the base images of Debian and I found all of them are false positives.

Version: 5.3.28+dfsg1-0.5
License: sleepycat

I found that all these CVEs are related to Oracle BerkelyDB database, but these are reported for libdb which is installed.
None of the CVEs are related to libdb, these are false postiives.