vendor,product,version,cve_number,remarks,comment
@OPENJPEG_ID@,CVE-2016-9675,NotAffected,issue in convert command line tool not used by blender
@PYTHON_ID@,CVE-2009-2940,NotAffected,issue in pygresql not used by blender
@PYTHON_ID@,CVE-2020-29396,NotAffected,issue in odoo not used by blender
@PYTHON_ID@,CVE-2021-32052,NotAffected,issue in django not used by blender
@PYTHON_ID@,CVE-2009-3720,NotAffected,already fixed in libexpat version used
@PYTHON_ID@,CVE-2023-36632,NotAffected,not used in blender and not considered a bug upstream
@PYTHON_ID@,CVE-2023-27043,NotAffected,not used in blender
@PYTHON_ID@,CVE-2024-6232,FalsePositive,fixed in 3.11.10 upstream fix gh-121285
@PYTHON_ID@,CVE-2024-7592,FalsePositive,fixed in 3.11.10 upstream fix gh-123067
@PYTHON_PIP_ID@,CVE-2018-20225,NotAffected,not a blender specific issue and pip is inherently affected by malicious packages
@SSL_ID@,CVE-2009-1390,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3765,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3766,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3767,NotAffected,issue in ldap not used by blender
@SSL_ID@,CVE-2019-0190,NotAffected,issue in apache not used by blender
@TIFF_ID@,CVE-2022-2056,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2057,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2058,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2519,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2520,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2521,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2953,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-34526,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3570,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3597,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3598,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3599,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3626,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3627,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-40745,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-41175,NotAffected,issue in tiff command line tool not used by blender
@XML2_ID@,CVE-2016-3709,NotAffected,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2023-39615,NotAffected,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2020-7595,NotAffected,already fixed in the libxml2 version used
@GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e
@SQLITE_ID@,CVE-2022-35737,NotAffected,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
@SQLITE_ID@,CVE-2023-7104,NotAffected,does not affect blender use of sqlite
@SQLITE_ID@,CVE-2024-0232,NotAffected,does not affect blender use of sqlite
@ZLIB_ID@,CVE-2023-45853,NotAffected,only affects minizip not used by blender
@SNDFILE_ID@,CVE-2024-50612,Mitigated,patched using upstream PR 1045
@SNDFILE_ID@,CVE-2024-50613,NotAffected,all mp3 handling in blender goes through ffmpeg
@SBOMCONTENTS@