JFrog XRay detects CVE-2020-18032 for graphviz library in alpine 3.13, which has a critical severity.
Please apply a patch to the vulnerability or upgrade the library.
Fix was introduced in this MR and when I run
git tag --contains 784411c (commit with fix) in graphviz lib, it returns:
2.46.0 2.46.1 2.47.0 2.47.1
So upgrading the library to version >= 2.46.0 in alpine 3.13 should also resolve the issue.
- master (06464b7d)