Vulnerability Reportanchore/syft:v1.45.0

anchore/syft:v1.45.0

DIGESTsha256:e9695f12fca6bf93a6e106c8f7001a13d00608b92e8a73930aacc401a8727ac8

Executive Summary

Threat ScoreSAFE• Image is pinned by digest ensuring immutability and integrity• Published by Anchore with high community trust (9.9M pulls) and a score of 90• No reachable vulnerabilities of any severity in the exposed or post-exploit surfaces• Three low-severity findings exist but pose no practical threat (max severity 0.0)

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (9M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. Although three vulnerabilities are recorded in the scan, all have a severity score of 0.0, meaning they are not exploitable in practice. The image is pinned by digest, published by a reputable source (Anchore), and has no reachable findings in the exposed surface or post-exploit categories. No further action is required.

Vulnerabilities

Vulnerability Log

3 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42504	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable