Hi, On Fri, Jul 26, 2019 at 05:45:34AM +0000, Security Tracker wrote: > CVE-2019-17196: missing from list This one is a false positive. It looks that https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml wrong information, because the CVE should be CVE-201*8*-17196 as is for kafka. I contacted Red Hat to double check. Regards, Salvatore