This is the analysis of the known vulnerabilities that ONAP has identified. These are vulnerabilities in the components that ONAP is using, together with an analysis of whether that vulnerability is exposed to ONAP, or not (in which case this is considered as false positive).