Vulnerability Reportalpine/terragrunt:1.14.8

alpine/terragrunt:tf1.14.8alpine/terragrunt:1.14.8alpine/terragrunt:842cf2c

DIGESTsha256:f58806df57588e2365a8a0903260c7a69f32c907b80d3b501f2c3931bb5d32fd

Executive Summary

Threat ScoreCAUTION• 148 vulnerabilities found, 45 with severity >= 6.0 (max 6.8); high vulnerability density.• CVE-2025-68121 (TLS session resumption bypass) and CVE-2026-45570 (SSH command injection in go-git) are notable.• Multiple OpenSSL CVEs (e.g., CVE-2026-28388) enable denial of service via crafted CRLs or CMS messages.• Image is from a reliable community publisher (alpine) with high reputation, but vulnerability load drives caution.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (16M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This base/runtime image carries significant vulnerabilities that any image built on it would inherit; remediate them in the final image before production. An attacker could cause denial of service by exploiting OpenSSL flaws or achieve remote code execution through SSH command injection in go-git. Note that CVE-2025-68121 requires the application to clone and mutate TLS Config between handshakes, and CVE-2026-45570 only applies if SSH-based git authentication is used with attacker-influenced paths. Prioritize updating the affected packages (crypto/tls, go-git, OpenSSL) in downstream images. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

168 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.24.2 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45570	MEDIUM6.53	github.com/go-git/go-git/v6 v6.0.0-alpha.1 fixed in 6.0.0-alpha.4	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	nghttp2-libs 1.68.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4660	MEDIUM6.38	github.com/hashicorp/go-getter v1.8.2 fixed in 1.8.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-29181	MEDIUM6.38	go.opentelemetry.io/otel v1.40.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-32285	MEDIUM6.38	github.com/buger/jsonparser v1.1.1 fixed in 1.1.2	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.1.3 fixed in 4.1.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4660	MEDIUM6.38	github.com/hashicorp/go-getter v1.8.4 fixed in 1.8.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-29181	MEDIUM6.38	go.opentelemetry.io/otel v1.39.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27137	MEDIUM6.38	stdlib v1.26.0 fixed in 1.26.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45022	MEDIUM6.38	github.com/go-git/go-git/v6 v6.0.0-alpha.1 fixed in 6.0.0-alpha.3	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41506	MEDIUM6.29	github.com/go-git/go-git/v6 v6.0.0-alpha.1 fixed in 6.0.0-alpha.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.40.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47907	MEDIUM5.95	stdlib v1.24.2 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.24.2 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33810	MEDIUM5.58	stdlib v1.26.0 fixed in 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.36.0 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.24.2 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.24.2 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22874	MEDIUM5.1	stdlib v1.24.2 fixed in 1.24.4	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM5.1	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61729	MEDIUM5.1	stdlib v1.24.2 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-58183	MEDIUM5.1	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61728	MEDIUM5.1	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.8 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.26.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.26.0 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.35.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.35.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.24.2 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27138	LOW3.15	stdlib v1.26.0 fixed in 1.26.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.5-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.5-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33186	LOW2.78	google.golang.org/grpc v1.69.4 fixed in 1.79.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33186	LOW2.78	google.golang.org/grpc v1.78.0 fixed in 1.79.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33186	LOW2.78	google.golang.org/grpc v1.66.2 fixed in 1.79.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-32952	LOW2.7	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c fixed in 0.1.1	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.5-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.26.0 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1965	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW1.93	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.7% Theoretical Threat	Post-Exploit
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 fixed in 1.7.8	—	Not Applicable
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3 fixed in 1.97.3	—	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.8 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.8 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.8 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.8 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 fixed in 1.7.8	—	Not Applicable
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/service/s3 v1.95.1 fixed in 1.97.3	—	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.0 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.0 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.0 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.24.2 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-44973	NONE0	github.com/go-git/go-billy/v6 v6.0.0-20260328065524-593ae452e14d fixed in 6.0.0-alpha.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-44740	NONE0	github.com/go-git/go-billy/v6 v6.0.0-20260328065524-593ae452e14d fixed in 6.0.0-alpha.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-45571	NONE0	github.com/go-git/go-git/v6 v6.0.0-alpha.1 fixed in 6.0.0-alpha.4	0.3% Theoretical Threat	Not Applicable
GHSA-w5pp-99ch-qj29	NONE0	github.com/go-git/go-git/v6 v6.0.0-alpha.1 fixed in 6.0.0-alpha.4	—	Not Applicable