# Accepted CVEs for Sourcegraph 5.2.0

| CVE ID | Affected Images | CVE Severity | CVSS Base Score | [Sourcegraph Assessment](../../../engineering/dev/policies/vulnerability-management-policy.md#severity-levels) | CVSS Environmental Score | Details |
| ------ | --------------- | ------------ | --------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------ | ------- |

**No known CVEs in Sourcegraph 5.2.0**

## Known False Positives

Some scanners incorrectly identify false positives in our images:

| Vulnerability ID                                                                                                                             | Affected Images      | Note                                                                                                                          |
| -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| [SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602](https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602) | sourcegraph/cadvisor | This potential security issue only affects `filepath-securejoin` when used on Windows - all Sourcegraph deployments use Linux |


<section class="h0Wrapper headingWrapper"><section class="h1Wrapper headingWrapper"><h1 id="accepted-cves-for-sourcegraph-520"><a class="anchor" aria-hidden tabindex="-1" href="#accepted-cves-for-sourcegraph-520"><span class="icon icon-link"></span></a>Accepted CVEs for Sourcegraph 5.2.0</h1>












<div class="table-responsive"><table><thead><tr><th>CVE ID</th><th>Affected Images</th><th>CVE Severity</th><th>CVSS Base Score</th><th><a href="../../../../engineering/dev/policies/vulnerability-management-policy#severity-levels">Sourcegraph Assessment</a></th><th>CVSS Environmental Score</th><th>Details</th></tr></thead></table></div>
<p><strong>No known CVEs in Sourcegraph 5.2.0</strong></p>
<section class="h2Wrapper headingWrapper"><h2 id="known-false-positives"><a class="anchor" aria-hidden tabindex="-1" href="#known-false-positives"><span class="icon icon-link"></span></a>Known False Positives</h2>
<p>Some scanners incorrectly identify false positives in our images:</p>















<div class="table-responsive"><table><thead><tr><th>Vulnerability ID</th><th>Affected Images</th><th>Note</th></tr></thead><tbody><tr><td><a href="https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602">SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602</a></td><td>sourcegraph/cadvisor</td><td>This potential security issue only affects <code>filepath-securejoin</code> when used on Windows - all Sourcegraph deployments use Linux</td></tr></tbody></table></div></section></section></section>