Multiple Critical Vulnerabilities in dremio-oss:23.1..0

Grype output… having to trim the output because is is way over the character limit, but you get the point.

grype docker.io/dremio/dremio-oss:23.1.0
 ✔ Vulnerability DB        [no update available]
New version of grype is available: 0.55.0 (currently running: 0.48.0)
 ✔ Loaded image            
 ✔ Parsed image            
 ✔ Cataloged packages      [1348 packages]
 ✔ Scanned image           [889 vulnerabilities]
NAME                               INSTALLED                                   FIXED-IN                 TYPE          VULNERABILITY        SEVERITY   
avatica-core                       1.18.0                                      1.22.0                   java-archive  GHSA-w7f5-jrpr-5c2m  High        
avatica-core                       1.18.0                                                               java-archive  CVE-2020-13955       Medium      
avatica-core                       1.18.0                                                               java-archive  CVE-2022-39135       Critical    
avatica-metrics                    1.18.0                                                               java-archive  CVE-2020-13955       Medium      
avatica-metrics                    1.18.0                                                               java-archive  CVE-2022-39135       Critical    
avro                               1.8.2                                                                java-archive  CVE-2021-43045       High        
avro                               1.7.7                                                                java-archive  CVE-2021-43045       High        
avro                               1.10.1                                                               java-archive  CVE-2021-43045       High        
avro-guava-dependencies            1.8.2                                                                java-archive  CVE-2021-43045       High        
avro-mapred                        1.8.2                                                                java-archive  CVE-2021-43045       High        
avro-mapred                        1.7.7                                                                java-archive  CVE-2021-43045       High        
aws-java-sdk-s3                    1.12.75                                     1.12.261                 java-archive  GHSA-c28r-hw5m-5gv3  High        
aws-java-sdk-s3                    1.11.761                                    1.12.261                 java-archive  GHSA-c28r-hw5m-5gv3  High        
flatbuffers-java                   1.12.0                                                               java-archive  CVE-2020-35864       High        
gpgv                               2.2.27-3ubuntu2.1                                                    deb           CVE-2022-3219        Low         
guava                              11.0.2                                                               java-archive  CVE-2020-8908        Low         
guava                              11.0.2                                                               java-archive  GHSA-5mg8-w23w-74h3  Low         
guava                              13.0.1                                                               java-archive  CVE-2020-8908        Low         
guava                              13.0.1                                                               java-archive  CVE-2018-10237       Medium      
guava                              13.0.1                                      24.1.1                   java-archive  GHSA-mvr2-9pj6-7w5j  Medium      
guava                              11.0.2                                      24.1.1                   java-archive  GHSA-mvr2-9pj6-7w5j  Medium      
guava                              11.0.2                                                               java-archive  CVE-2018-10237       Medium      
guava                              13.0.1                                                               java-archive  GHSA-5mg8-w23w-74h3  Low         
hadoop-annotations                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-annotations                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-annotations                 2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-annotations                 2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-annotations                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-annotations                 2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-annotations                 2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-annotations                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-annotations                 2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-auth                        2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-auth                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-auth                        2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-auth                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-auth                        2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-auth                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-auth                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-auth                        2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-auth                        2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-aws                         3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-aws                         3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-aws                         3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-aws                         3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-aws                         2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-aws                         2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-aws                         2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-aws                         2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-aws                         2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-azure                       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-azure                       2.8.5-dremio-r2-202106241733540604-acdda22                           java-archive  CVE-2020-9492        High        
hadoop-azure                       2.8.5-dremio-r2-202106241733540604-acdda22                           java-archive  CVE-2021-33036       High        
hadoop-azure                       2.8.5-dremio-r2-202106241733540604-acdda22                           java-archive  CVE-2022-26612       Critical    
hadoop-azure                       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-azure                       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-azure                       2.8.5-dremio-r2-202106241733540604-acdda22                           java-archive  CVE-2022-25168       Critical    
hadoop-azure                       2.8.5-dremio-r2-202106241733540604-acdda22                           java-archive  CVE-2018-11765       High        
hadoop-azure                       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-azure-datalake              3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-azure-datalake              3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-azure-datalake              2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-azure-datalake              2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-azure-datalake              2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-azure-datalake              3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-azure-datalake              2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-azure-datalake              3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-azure-datalake              2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-client                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-client                      2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-client                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-client                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-client                      2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-client                      2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-client                      2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-client                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-client                      2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1     3.3.2                    java-archive  GHSA-rmpj-7c96-mrg8  Critical    
hadoop-common                      2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-common                      2.8.5                                       2.10.2                   java-archive  GHSA-8wm5-8h9c-47pc  Critical    
hadoop-common                      2.8.5                                       2.10.1                   java-archive  GHSA-f8vc-wfc8-hxqh  High        
hadoop-common                      2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1     3.3.3                    java-archive  GHSA-8wm5-8h9c-47pc  Critical    
hadoop-common                      2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-common                      3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-common                      2.8.5                                       2.10.2                   java-archive  GHSA-rmpj-7c96-mrg8  Critical    
hadoop-common                      2.8.5                                       3.2.3                    java-archive  GHSA-gx2c-fvhc-ph4j  Critical    
hadoop-common                      2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-common                      2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-hdfs                        2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-hdfs                        2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-hdfs                        2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-hdfs                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-hdfs                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-hdfs                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-hdfs                        2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-hdfs                        3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-hdfs                        2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-hdfs-client                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-hdfs-client                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-hdfs-client                 2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-hdfs-client                 2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-hdfs-client                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-hdfs-client                 3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-hdfs-client                 2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-hdfs-client                 2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-hdfs-client                 2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-mapreduce-client-app        2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-mapreduce-client-app        2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-mapreduce-client-app        2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-mapreduce-client-app        2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-mapreduce-client-app        2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-mapreduce-client-common     3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-mapreduce-client-common     3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
hadoop-mapreduce-client-common     2.8.5                                                                java-archive  CVE-2018-11765       High        
hadoop-mapreduce-client-common     3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-mapreduce-client-common     2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-mapreduce-client-common     2.8.5                                                                java-archive  CVE-2021-33036       High        
hadoop-mapreduce-client-common     3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-33036       High        
hadoop-mapreduce-client-common     2.8.5                                                                java-archive  CVE-2022-25168       Critical    
hadoop-mapreduce-client-common     2.8.5                                                                java-archive  CVE-2022-26612       Critical    
hadoop-mapreduce-client-core       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2022-25168       Critical    
hadoop-mapreduce-client-core       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-25642       High        
hadoop-mapreduce-client-core       2.8.5                                                                java-archive  CVE-2020-9492        High        
hadoop-mapreduce-client-core       3.3.2-dremio-202207041927090255-61c2bd1                              java-archive  CVE-2021-37404       Critical    
jackson-databind                   2.4.0                                       2.8.11                   java-archive  GHSA-h592-38cm-4ggp  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-11307       Critical    
jackson-databind                   2.4.0                                       2.9.10.7                 java-archive  GHSA-5949-rw7g-wx7w  High        
jackson-databind                   2.4.0                                       2.9.10                   java-archive  GHSA-85cw-hj65-qqv9  Critical    
jackson-databind                   2.13.2.2                                    2.13.4.1                 java-archive  GHSA-jjjh-jjxp-wpff  High        
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-f9xh-2qgp-cq57  High        
jackson-databind                   2.4.0                                       2.12.7.1                 java-archive  GHSA-rgv9-q543-rqg4  High        
jackson-databind                   2.6.3                                       2.9.9.2                  java-archive  GHSA-gwp4-hfv6-p7hw  High        
jackson-databind                   2.6.3                                       2.9.10.4                 java-archive  GHSA-p43x-xfjf-5jhr  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2019-17531       Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2020-10673       High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2019-16942       Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2019-14540       Critical    
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-r3gr-cxrf-hg25  High        
jackson-databind                   2.6.3                                       2.9.10.1                 java-archive  GHSA-fmmc-742q-jg75  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-14718       Critical    
jackson-databind                   2.6.3                                       2.9.10.1                 java-archive  GHSA-gjmw-vf9h-g25v  Critical    
jackson-databind                   2.4.0                                       2.8.11                   java-archive  GHSA-w3f4-3q6j-rh82  High        
jackson-databind                   2.4.0                                       2.6.7.4                  java-archive  GHSA- 
jackson-databind                   2.6.3                                       2.9.10.7                 java-archive  GHSA-5949-rw7g-wx7w  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2022-42003       High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2020-35490       High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2019-16943       Critical    
jackson-databind                   2.6.3                                       2.9.9.1                  java-archive  GHSA-cmfg-87vq-g5g4  Medium      
jackson-databind                   2.6.3                                       2.6.7.4                  java-archive  GHSA-288c-cq4h-88gq  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2017-17485       Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-14721       Critical    
jackson-databind                   2.4.0                                       2.9.9.1                  java-archive  GHSA-mph4-vhrx-mv67  Medium      
jackson-databind                   2.4.0                                       2.6.7.5                  java-archive  GHSA-qjw2-hr98-qgfh  High        
jackson-databind                   2.4.0                                       2.9.10.4                 java-archive  GHSA-fqwf-pjwf-7vqv  Medium      
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-9m6f-7xcq-8vf8  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-14720       Critical    
jackson-databind                   2.6.3                                       2.9.10.4                 java-archive  GHSA-rpr3-cw39-3pxh  High        
jackson-databind                   2.6.3                                       2.7.9.4                  java-archive  GHSA-qr7j-h6gg-jmgc  Critical    
jackson-databind                   2.6.3                                       2.6.7.4                  java-archive  GHSA-gww7-p5w4-wrfv  Critical    
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-m6x4-97wx-4q27  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-7489        Critical    
jackson-databind                   2.6.3                                       2.9.10.1                 java-archive  GHSA-mx7p-6679-8g3q  Critical    
jackson-databind                   2.6.3                                       2.8.11                   java-archive  GHSA-w3f4-3q6j-rh82  High        
jackson-databind                   2.4.0                                       2.12.7.1                 java-archive  GHSA-jjjh-jjxp-wpff  High        
jackson-databind                   2.6.3                                       2.9.10                   java-archive  GHSA-85cw-hj65-qqv9  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-19362       Critical    
jackson-databind                   2.6.3                                       2.7.9.5                  java-archive  GHSA-645p-88qh-w398  Critical    
jackson-databind                   2.4.0                                       2.9.10.4                 java-archive  GHSA-q93h-jc49-78gg  Critical    
jackson-databind                   2.4.0                                       2.9.10.6                 java-archive  GHSA-h3cw-g4mq-c5x2  High        
jackson-databind                   2.4.0                                       2.9.9.2                  java-archive  GHSA-gwp4-hfv6-p7hw  High        
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-9m6f-7xcq-8vf8  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-5968        High        
jackson-databind                   2.4.0                                       2.9.10.1                 java-archive  GHSA-gjmw-vf9h-g25v  Critical    
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-r695-7vr9-jgc2  High        
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-9gph-22xh-8x98  High        
jackson-databind                   2.13.2                                                               java-archive  CVE-2020-36518       High        
jackson-databind                   2.4.0                                       2.9.10.4                 java-archive  GHSA-p43x-xfjf-5jhr  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2020-25649       High        
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-89qr-369f-5m5x  High        
jackson-databind                   2.4.0                                       2.9.10                   java-archive  GHSA-f3j5-rmmp-3fc5  Critical    
jackson-databind                   2.13.2                                      2.13.4                   java-archive  GHSA-rgv9-q543-rqg4  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2018-19360       Critical    
jackson-databind                   2.6.3                                       2.8.11                   java-archive  GHSA-h592-38cm-4ggp  Critical    
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-8w26-6f25-cm9x  High        
jackson-databind                   2.4.0                                       2.6.7.4                  java-archive  GHSA-gww7-p5w4-wrfv  Critical    
jackson-databind                   2.4.0                                       2.6.7.4                  java-archive  GHSA-4w82-r329-3q67  Critical    
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-cvm9-fjm9-3572  High        
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-m6x4-97wx-4q27  High        
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-f9xh-2qgp-cq57  High        
jackson-databind                   2.6.3                                                                java-archive  CVE-2020-35491       High        
jackson-databind                   2.4.0                                       2.9.10                   java-archive  GHSA-h822-r4r5-v8jg  Critical    
jackson-databind                   2.6.3                                                                java-archive  CVE-2019-14379       Critical    
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-cvm9-fjm9-3572  High        
jackson-databind                   2.4.0                                       2.7.9.4                  java-archive  GHSA-cjjf-94ff-43w7  High        
jackson-databind                   2.6.3                                       2.9.10.8                 java-archive  GHSA-8w26-6f25-cm9x  High        
jackson-databind                   2.4.0                                                                java-archive  CVE-2022-42004       High        
jackson-databind                   2.4.0                                       2.9.10.4                 java-archive  GHSA-rpr3-cw39-3pxh  High        
jackson-databind                   2.4.0                                                                java-archive  CVE-2018-7489        Critical    
jackson-databind                   2.4.0                                       2.9.9.2                  java-archive  GHSA-6fpp-rgj9-8rwc  Critical    
jackson-databind                   2.4.0                                                                java-archive  CVE-2020-35490       High        
jackson-databind                   2.4.0                                       2.9.10.8                 java-archive  GHSA-