<aside> 💡 Releases of Sourcegraph may ship with container images that contain known vulnerable packages that are either false positives considering the way in which we run Sourcegraph, or that we have accepted as low risk.

</aside>

For more information about how we scan releases for vulnerabilities, see Container vulnerability scanning.

Accepted CVEs in Sourcegraph Releases