| CVE-2023-39325 | caddy | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
| GHSA-M425-MQ94-257G | sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor, sourcegraph/executor, sourcegraph/bundled-executor, sourcegraph/dind, caddy, sourcegraph/executor-kubernetes | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
| CVE-2023-47108 | sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
| CVE-2023-45142 | caddy | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
| CVE-2023-7104 | sourcegraph/codeinsights-db, sourcegraph/codeintel-db, sourcegraph/postgres-12-alpine | High | 7.3 | Medium | 4.1 | This is not exploitable over the internet. It would require an actor to write very specific SQLITE queries which is not possible in the default configuration. |
| CVE-2024-23652 | sourcegraph/dind | Critical | 7.4 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
| CVE-2024-23653 | sourcegraph/dind | Critical | 9.8 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
| CVE-2024-23651 | sourcegraph/dind | High | 7.4 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
| CVE-2024-21626 | sourcegraph/dind | High | 8.6 | High | 8.6 | Dind is used for Kubernetes executors and is not part of the standard deployment. This issue is not fixed in the latest dind release, and we will upgrade once a patch is available. |
| CVE-2023-5363 | caddy, sourcegraph/dind | High | 0 | info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
