From e534038f1903cce52cca75556b684cdd90673952 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 1 Nov 2023 16:09:48 +0100
Subject: [PATCH] monthly update of vulnerability report (#2115)

Signed-off-by: bossenti
Co-authored-by: bossenti
---
 VULNERABILITY.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/VULNERABILITY.md b/VULNERABILITY.md
index 09a7553baf..8c44874110 100644
--- a/VULNERABILITY.md
+++ b/VULNERABILITY.md
@@ -1,11 +1,14 @@
 | OSV URL | CVSS | Ecosystem | Package | Version | Source |
 | --- | --- | --- | --- | --- | --- |
+| https://osv.dev/GHSA-57m8-f3v5-hm5m | 5.3 | Maven | io.netty:netty-handler | 4.1.72.Final | pom.xml |
 | https://osv.dev/GHSA-6mjq-h674-j845 | 6.5 | Maven | io.netty:netty-handler | 4.1.72.Final | pom.xml |
+| https://osv.dev/GHSA-crg9-44h2-xw35 | 10 | Maven | org.apache.activemq:activemq-client | 5.18.0 | pom.xml |
 | https://osv.dev/GHSA-cgwf-w82q-5jrr | 5.5 | Maven | org.apache.commons:commons-compress | 1.23.0 | pom.xml |
 | https://osv.dev/GHSA-hr8g-6v94-x4m9 | 5.3 | Maven | org.bouncycastle:bcprov-jdk15on | 1.70 | pom.xml |
-| https://osv.dev/PYSEC-2023-175 | | PyPI | pillow | 10.0.0 | streampipes-client-python/poetry.lock |
+| https://osv.dev/GHSA-2cqf-6xv9-f22w | 7.5 | Maven | org.elasticsearch:elasticsearch | 6.8.17 | pom.xml |
 | https://osv.dev/GHSA-w596-4wvx-j9j6
https://osv.dev/PYSEC-2022-42969 | 7.5 | PyPI | py | 1.11.0 | streampipes-client-python/poetry.lock |
 | https://osv.dev/GHSA-ww39-953v-wcq6 | 7.5 | npm | glob-parent | 3.1.0 | ui/package-lock.json |
+| https://osv.dev/GHSA-7fh5-64p2-3v2j | 5.3 | npm | postcss | 8.4.21 | ui/package-lock.json |
 | https://osv.dev/GHSA-4943-9vgg-gr5r | 6.1 | npm | quill | 1.3.7 | ui/package-lock.json |
 | https://osv.dev/MAL-2022-6662 | | npm | tsconfig-package | 7.0.0 | ui/package-lock.json |