Vulnerability Reportanchore/syft:v1.43.0

anchore/syft:v1.43.0

DIGESTsha256:0bf6a5b15e854c53bd8b09abe5d1ff12c07bdb06c6edc9b2df99643049233d28

Executive Summary

Threat ScoreSAFE• High reputation community image with 9M+ pulls, pinned by digest for immutability• All 13 exposed vulnerabilities have low severity (max 5.1), no exploitable risk in production• No high-severity or critical vulnerabilities identified• Post-exploit findings are minimal with max severity 3.92, no practical impact

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (9M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. It contains 13 low-severity vulnerabilities (max 5.1) and 5 post-exploit findings (max 3.92), but none pose a realistic threat to the container's operation. The image is from a high-reputation publisher and pinned by digest, ensuring integrity. No further action is required.

Vulnerabilities

Vulnerability Log

18 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33811	MEDIUM5.1	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45570	LOW3.92	github.com/go-git/go-git/v5 v5.18.0 fixed in 5.19.1	0.4% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-45022	LOW3.06	github.com/go-git/go-git/v5 v5.18.0 fixed in 5.19.0	0.1% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-39820	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46680	NONE0	github.com/containerd/containerd/v2 v2.2.2 fixed in 2.0.9, 2.2.4, 2.3.1	—	Not Applicable
CVE-2026-44973	NONE0	github.com/go-git/go-billy/v5 v5.8.0 fixed in 5.9.0	0.3% Theoretical Threat	Not Applicable
CVE-2026-44740	NONE0	github.com/go-git/go-billy/v5 v5.8.0 fixed in 5.9.0	0.3% Theoretical Threat	Not Applicable
CVE-2026-45571	NONE0	github.com/go-git/go-git/v5 v5.18.0 fixed in 5.19.1	0.3% Theoretical Threat	Not Applicable
GHSA-w5pp-99ch-qj29	NONE0	github.com/go-git/go-git/v5 v5.18.0 fixed in 5.19.1	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable