I created an issue for this in SECURITY (see SECURITY-777) but now I think maybe I should have created it here in TOOLS. Several of our Kubernetes Operator containers rely on database-tools, and its presence is flagging several security vulnerabilities - one deemed critical and several others deemed high - caused by the version of go being used (1.16.7) and golang.org/x/crypto. The database tools version I'm seeing is mongodb-database-tools-rhel80-x86_64-100.5.1. Containers without the package do not produce the vulnerabilities. The list of CVEs is:

CVE-2020-29652
CVE-2022-23806
CVE-2021-39293
CVE-2021-29923
CVE-2021-41771
CVE-2021-41772
CVE-2021-44716
CVE-2022-23806
CVE-2021-38297

Attaching a spreadsheet with additional details. I need to know if these are legitimate findings and if so understand our plan/timeline/LoE to address the situation.