Vulnerability Report: apache/druid:31.0.2

DIGEST: sha256:e735e30b115439d4e696f63f3e97dabdb20ce779e8599dba0738b93256f2bea6

Executive Summary

Threat Score: 100/100 (DANGEROUS)
Reputation: RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution by sending a malicious Parquet or Avro file to the Druid ingestion pipeline, as demonstrated by CVE-2025-30065 and CVE-2024-47561, both of which require no special configuration. These vulnerabilities are directly reachable because Druid processes external data. Upgrading the parquet-avro, avro, and glib packages to their patched versions (e.g., parquet-avro 1.15.1, avro 1.11.4) would fully mitigate the most critical issues. Note that CVE-2019-17571 and CVE-2022-23307 in Log4j only apply if non-default components like SocketServer or JDBCAppender are enabled, which is not typical for this container.

Vulnerabilities

Vulnerability Log

289 total
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-30065 | CRITICAL 10 | org.apache.parquet:parquet-avro 1.13.0 (fixed in 1.15.1) | 37.8%, High Exploitation Risk | Directly Exposed; Context importance: HIGH |
| CVE-2024-47561 | HIGH 8.8 | org.apache.avro:avro 1.7.7 (fixed in 1.11.4) | 3.3%, Low-Moderate Risk | Directly Exposed; Context importance: HIGH |
| CVE-2026-45674 | HIGH 8.5 | io.netty:netty-resolver-dns 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-47691 | HIGH 8.5 | io.netty:netty-resolver-dns 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-14087 | HIGH 8.33 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u8) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2026-42581 | HIGH 8.33 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-30749 | HIGH 8.1 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.16+8-1~deb12u1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-46762 | HIGH 8.1 | org.apache.parquet:parquet-avro 1.13.0 (fixed in 1.15.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-17571 | HIGH 8 | log4j:log4j 1.2.17 (No fix yet) | 69.1%, Actively Exploited | Directly Exposed; Context importance: MEDIUM |
| CVE-2022-23305 | HIGH 8 | log4j:log4j 1.2.17 (No fix yet) | 67.5%, Actively Exploited | Directly Exposed; Context importance: MEDIUM |
| CVE-2019-20445 | HIGH 8 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 13.5%, High Exploitation Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2019-20445 | HIGH 8 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 13.5%, High Exploitation Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2022-23302 | HIGH 8 | log4j:log4j 1.2.17 (No fix yet) | 61.8%, Actively Exploited | Directly Exposed; Context importance: MEDIUM |
| CVE-2021-4104 | HIGH 7.8 | log4j:log4j 1.2.17 (No fix yet) | 81.1%, Actively Exploited | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-42579 | HIGH 7.73 | io.netty:netty-codec-dns 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-42584 | HIGH 7.73 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH 7.73 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.1.7, 12.0.33) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH 7.73 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.1.7, 12.0.33) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH 7.73 | org.eclipse.jetty:jetty-http 9.4.56.v20240826 (fixed in 12.1.7, 12.0.33) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-25638 | HIGH 7.57 | dnsjava:dnsjava 2.1.7 (fixed in 3.6.0) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2018-20796 | HIGH 7.5 | libc6 2.36-9+deb12u10 (No fix yet) | 5.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-9192 | HIGH 7.5 | libc6 2.36-9+deb12u10 (No fix yet) | 2.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-52425 | HIGH 7.5 | libexpat1 2.5.0-1+deb12u1 (fixed in 2.5.0-1+deb12u2) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-8176 | HIGH 7.5 | libexpat1 2.5.0-1+deb12u1 (fixed in 2.5.0-1+deb12u2) | 1.6%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-28757 | HIGH 7.5 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 2.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-25193 | HIGH 7.5 | libharfbuzz0b 6.0.0+dfsg-3 (No fix yet) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-33416 | HIGH 7.5 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u4) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 (fixed in 2.12.7.1, 2.13.4.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 (fixed in 2.12.7.1, 2.13.4) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 (fixed in 2.12.7.1, 2.13.4.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 (fixed in 2.12.7.1, 2.13.4) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-7254 | HIGH 7.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.25.5, 4.27.5, 4.28.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-3171 | HIGH 7.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-3635 | HIGH 7.5 | com.squareup.okio:okio 1.15.0 (fixed in 3.4.0, 1.17.6) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-3635 | HIGH 7.5 | com.squareup.okio:okio 2.8.0 (fixed in 3.4.0, 1.17.6) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH 7.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 5.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH 7.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 6.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH 7.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 5.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH 7.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 6.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-24970 | HIGH 7.5 | io.netty:netty-handler 4.1.108.Final (fixed in 4.1.118.Final) | 2.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-26464 | HIGH 7.5 | log4j:log4j 1.2.17 (fixed in 2.0) | 1.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-31684 | HIGH 7.5 | net.minidev:json-smart 1.3.2 (fixed in 1.3.3, 2.4.4) | 2.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1370 | HIGH 7.5 | net.minidev:json-smart 1.3.2 (fixed in 2.4.9) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-39410 | HIGH 7.5 | org.apache.avro:avro 1.7.7 (fixed in 1.11.3) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-50298 | HIGH 7.5 | org.apache.solr:solr-solrj 8.11.2 (fixed in 9.4.1, 8.11.3) | 1.6%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH 7.5 | org.apache.thrift:libthrift 0.13.0 (fixed in 0.14.0) | 6.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH 7.5 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.9.3-1, 0.12.0) | 8.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH 7.5 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.13.0) | 9.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.9.3-1, 0.12.0) | 8.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.13.0) | 9.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.14.0) | 6.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-24308 | HIGH 7.5 | org.apache.zookeeper:zookeeper 3.8.4 (fixed in 3.9.5, 3.8.6) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.4) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.1) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.4) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.1) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-41404 | HIGH 7.5 | org.ini4j:ini4j 0.5.4 (No fix yet) | 1.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-34455 | HIGH 7.5 | org.xerial.snappy:snappy-java 1.1.8.2 (fixed in 1.1.10.1) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-43642 | HIGH 7.5 | org.xerial.snappy:snappy-java 1.1.8.2 (fixed in 1.1.10.4) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-34453 | HIGH 7.5 | org.xerial.snappy:snappy-java 1.1.8.2 (fixed in 1.1.10.1) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-34454 | HIGH 7.5 | org.xerial.snappy:snappy-java 1.1.8.2 (fixed in 1.1.10.1) | 1.5%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-67030 | HIGH 7.48 | org.codehaus.plexus:plexus-utils 3.0.24 (fixed in 4.0.3, 3.6.1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2025-50059 | HIGH 7.31 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.16+8-1~deb12u1) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2019-20444 | HIGH 7.28 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 8.7%, Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2019-20444 | HIGH 7.28 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 8.7%, Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-0861 | MEDIUM 6.88 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-25646 | MEDIUM 6.88 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u3) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2025-50106 | MEDIUM 6.88 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.16+8-1~deb12u1) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM 6.88 | io.netty:netty-handler 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2024-53990 | MEDIUM 6.88 | org.asynchttpclient:async-http-client 2.5.3 (fixed in 2.12.4, 3.0.1) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2021-21295 | MEDIUM 6.79 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 18.9%, High Exploitation Risk | Directly Exposed |
| CVE-2021-21295 | MEDIUM 6.79 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 18.9%, High Exploitation Risk | Directly Exposed |
| CVE-2026-25210 | MEDIUM 6.63 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-22801 | MEDIUM 6.63 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u2) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2025-13601 | MEDIUM 6.54 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u8) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2021-37533 | MEDIUM 6.5 | commons-net:commons-net 3.6 (fixed in 3.9.0) | 1.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM 6.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM 6.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-11798 | MEDIUM 6.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.12.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-33636 | MEDIUM 6.46 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u4) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-45186 | MEDIUM 6.38 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-41254 | MEDIUM 6.38 | liblcms2-2 2.14-2 (fixed in 2.14-2+deb12u1) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-21945 | MEDIUM 6.38 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.18+8-1~deb12u1) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM 6.38 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM 6.38 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM 6.38 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.15.0) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM 6.38 | com.fasterxml.jackson.core:jackson-core 2.13.2 (fixed in 2.15.0) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM 6.38 | com.fasterxml.jackson.core:jackson-core 2.13.4 (fixed in 2.15.0) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2022-3509 | MEDIUM 6.38 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2022-3510 | MEDIUM 6.38 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2023-52428 | MEDIUM 6.38 | com.nimbusds:nimbus-jose-jwt 8.22.1 (fixed in 9.37.2) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2023-52428 | MEDIUM 6.38 | com.nimbusds:nimbus-jose-jwt 9.8.1 (fixed in 9.37.2) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2021-0341 | MEDIUM 6.38 | com.squareup.okhttp3:okhttp 3.12.12 (fixed in 4.9.2) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2025-67721 | MEDIUM 6.38 | io.airlift:aircompressor 0.21 (fixed in 2.0.3) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM 6.38 | io.grpc:grpc-netty-shaded 1.59.0 (fixed in 1.75.0) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM 6.38 | io.netty:netty-codec 4.1.108.Final (fixed in 4.1.125.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM 6.38 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.1.132.Final, 4.2.10.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM 6.38 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM 6.38 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-58056 | MEDIUM 6.38 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.1.125.Final, 4.2.5.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.2.4.Final, 4.1.124.Final) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.1.132.Final, 4.2.11.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.1.135.Final, 4.2.15.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM 6.38 | io.netty:netty-handler 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM 6.38 | io.netty:netty-handler 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM 6.38 | io.netty:netty-handler-proxy 4.1.108.Final (fixed in 4.1.133.Final, 4.2.13.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-1.2-api 2.22.1 (fixed in 2.25.4) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-core 2.22.1 (fixed in 2.25.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-core 2.22.1 (fixed in 2.25.4) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM 6.38 | org.bouncycastle:bcpkix-jdk18on 1.78.1 (fixed in 1.84) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | MEDIUM 6.38 | org.bouncycastle:bcprov-jdk18on 1.78.1 (fixed in 1.84) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-66566 | MEDIUM 6.38 | org.lz4:lz4-java 1.8.0 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-66453 | MEDIUM 6.38 | org.mozilla:rhino 1.7.14 (fixed in 1.7.14.1, 1.7.15.1, 1.8.1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM 6.38 | org.postgresql:postgresql 42.7.2 (fixed in 42.7.11) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-21932 | MEDIUM 6.29 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.18+8-1~deb12u1) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-21587 | MEDIUM 6.29 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.15+6-1~deb12u1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2026-24281 | MEDIUM 6.29 | org.apache.zookeeper:zookeeper 3.8.4 (fixed in 3.8.6, 3.9.5) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.13.0 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2024-13009 | MEDIUM 6.12 | org.eclipse.jetty:jetty-server 9.4.56.v20240826 (fixed in 9.4.57.v20241219) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-64720 | MEDIUM 6.03 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u1) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-65018 | MEDIUM 6.03 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-66293 | MEDIUM 6.03 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u1) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-22695 | MEDIUM 6.03 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u2) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM 6.03 | com.google.guava:guava 14.0.1 (fixed in 32.0.0-android) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM 6.03 | com.google.guava:guava 30.1.1-jre (fixed in 32.0.0-android) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM 5.95 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u11) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-50602 | MEDIUM 5.9 | libexpat1 2.5.0-1+deb12u1 (fixed in 2.5.0-1+deb12u2) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-10237 | MEDIUM 5.9 | com.google.guava:guava 14.0.1 (fixed in 24.1.1-android) | 5.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM 5.9 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM 5.9 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM 5.78 | io.netty:netty-resolver-dns 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-35554 | MEDIUM 5.78 | org.apache.kafka:kafka-clients 2.8.1 (fixed in 3.9.2, 4.0.2, 4.1.2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-35554 | MEDIUM 5.78 | org.apache.kafka:kafka-clients 3.9.0 (fixed in 3.9.2, 4.0.2, 4.1.2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-40490 | MEDIUM 5.78 | org.asynchttpclient:async-http-client 2.5.3 (fixed in 3.0.9, 2.14.5) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM 5.52 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM 5.52 | libc6 2.36-9+deb12u10 (No fix yet) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-14512 | MEDIUM 5.52 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u8) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM 5.52 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.8.Final, 4.1.129.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM 5.52 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.1.133.Final, 4.2.13.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM 5.52 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM 5.52 | org.bouncycastle:bcprov-jdk18on 1.78.1 (fixed in 1.84) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM 5.52 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.0.31, 12.1.5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM 5.52 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.0.31, 12.1.5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM 5.52 | org.eclipse.jetty:jetty-http 9.4.56.v20240826 (fixed in 12.0.31, 12.1.5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-12183 | MEDIUM 5.52 | org.lz4:lz4-java 1.8.0 (fixed in 1.8.1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2026-40458 | MEDIUM 5.52 | org.pac4j:pac4j-core 4.5.7 (fixed in 5.7.10, 6.4.1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2021-29425 | MEDIUM 5.52 | commons-io:commons-io 2.4 (fixed in 2.7) | 10.6%, High Exploitation Risk | Directly Exposed |
| CVE-2021-22569 | MEDIUM 5.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.1, 3.18.2, 3.19.2) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM 5.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM 5.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010024 | MEDIUM 5.3 | libc6 2.36-9+deb12u10 (No fix yet) | 3.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010025 | MEDIUM 5.3 | libc6 2.36-9+deb12u10 (No fix yet) | 2.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-59375 | MEDIUM 5.3 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13956 | MEDIUM 5.3 | org.apache.httpcomponents:httpclient 4.5.2 (fixed in 4.5.13, 5.0.3) | 8.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-31141 | MEDIUM 5.3 | org.apache.kafka:kafka-clients 2.8.1 (fixed in 3.7.1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM 5.3 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM 5.3 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-28162 | MEDIUM 5.27 | libpng16-16 1.6.39-2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2025-64506 | MEDIUM 5.18 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u1) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2025-14104 | MEDIUM 5.18 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-21933 | MEDIUM 5.18 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.18+8-1~deb12u1) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-22227 | MEDIUM 5.18 | io.projectreactor.netty:reactor-netty-http 1.0.43 (fixed in 1.3.0-M5, 1.2.8) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM 5.02 | libc6 2.36-9+deb12u10 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM 5.02 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM 5.02 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2025-53057 | MEDIUM 5.02 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.17+10-1~deb12u1) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM 5.02 | org.apache.logging.log4j:log4j-core 2.22.1 (fixed in 2.25.4) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2012-0039 | MEDIUM 5 | libglib2.0-0 2.74.6-2+deb12u5 (No fix yet) | 2.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 8.22.1 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 9.37.3 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 9.8.1 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-30698 | MEDIUM 4.76 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.15+6-1~deb12u1) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | gcc-12-base 12.2.0-14 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-32776 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-32777 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-32778 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2023-52426 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libgcc-s1 12.2.0-14 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2021-4214 | MEDIUM 4.67 | libpng16-16 1.6.39-2 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libstdc++6 12.2.0-14 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2022-0563 | MEDIUM 4.67 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM 4.67 | zlib1g 1:1.2.13.dfsg-1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2024-35255 | MEDIUM 4.67 | com.azure:azure-identity 1.12.0 (fixed in 1.12.2) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2024-35255 | MEDIUM 4.67 | com.microsoft.azure:msal4j 1.15.0 (fixed in 1.15.1) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM 4.67 | io.netty:netty-common 4.1.108.Final (fixed in 4.1.115.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM 4.67 | io.netty:netty-common 4.1.108.Final (fixed in 4.1.118.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-23015 | MEDIUM 4.67 | org.apache.cassandra:cassandra-all 1.0.8 (fixed in 5.0.3, 4.1.8, 4.0.16, 3.11.18, 3.0.31) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM 4.67 | org.apache.commons:commons-compress 1.21 (fixed in 1.26.0) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM 4.67 | org.apache.commons:commons-compress 1.21 (fixed in 1.26.0) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-1489 | MEDIUM 4.59 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u9) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2022-1471 | MEDIUM 4.58 | org.yaml:snakeyaml 1.33 (fixed in 2.0) | 99.6%, Actively Exploited | Post-Exploit |
| CVE-2026-0915 | MEDIUM 4.5 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM 4.5 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22693 | MEDIUM 4.5 | libharfbuzz0b 6.0.0+dfsg-3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-3713 | MEDIUM 4.5 | libpng16-16 1.6.39-2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-3184 | MEDIUM 4.5 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM 4.5 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM 4.5 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM 4.5 | io.netty:netty-codec-http 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM 4.5 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM 4.5 | io.netty:netty-codec-http2 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-8916 | MEDIUM 4.5 | org.bouncycastle:bcpkix-jdk18on 1.78.1 (fixed in 1.79) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.0.12) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.0.12) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.56.v20240826 (fixed in 12.0.12) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2024-29131 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.1.1 (fixed in 2.10.1) | 2.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.1.1 (fixed in 2.10.1) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29131 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.10.1) | 2.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.10.1) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM 4.3 | commons-io:commons-io 2.4 (fixed in 2.14.0) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM 4.3 | commons-io:commons-io 2.8.0 (fixed in 2.14.0) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-44521 | MEDIUM 4.26 | org.apache.cassandra:cassandra-all 1.0.8 (fixed in 3.0.26, 3.11.12, 4.0.2) | 54.9%, Actively Exploited | Post-Exploit |
| CVE-2026-5450 | MEDIUM 4.25 | libc6 2.36-9+deb12u10 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM 4.25 | libc6 2.36-9+deb12u10 (No fix yet) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-28164 | MEDIUM 4.25 | libpng16-16 1.6.39-2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2022-23307 | MEDIUM 4.12 | log4j:log4j 1.2.17 (No fix yet) | 52.5%, Actively Exploited | Post-Exploit |
| CVE-2023-4039 | MEDIUM 4.08 | gcc-12-base 12.2.0-14 (fixed in 12.2.0-14+deb12u1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2023-4039 | MEDIUM 4.08 | libgcc-s1 12.2.0-14 (fixed in 12.2.0-14+deb12u1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2025-4373 | MEDIUM 4.08 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u7) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2023-4039 | MEDIUM 4.08 | libstdc++6 12.2.0-14 (fixed in 12.2.0-14+deb12u1) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2025-30691 | MEDIUM 4.08 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.15+6-1~deb12u1) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-30754 | MEDIUM 4.08 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.16+8-1~deb12u1) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-53066 | MEDIUM 4.08 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.17+10-1~deb12u1) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-21925 | MEDIUM 4.08 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.18+8-1~deb12u1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM 4.08 | org.apache.logging.log4j:log4j-core 2.22.1 (fixed in 2.25.3) | 0.7%, Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM 4 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2010-4756 | MEDIUM 4 | libc6 2.36-9+deb12u10 (No fix yet) | 2.6%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-27817 | LOW 3.79 | org.apache.kafka:kafka-clients 3.9.0 (fixed in 3.9.1) | 60.8%, Actively Exploited | Post-Exploit |
| CVE-2025-64505 | LOW 3.74 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-34757 | LOW 3.74 | libpng16-16 1.6.39-2 (fixed in 1.6.39-2+deb12u5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | LOW 3.7 | org.apache.commons:commons-lang3 3.12.0 (fixed in 3.18.0) | 2.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-8058 | LOW 3.57 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u13) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-1484 | LOW 3.57 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u9) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2019-1010022 | LOW 3.53 | libc6 2.36-9+deb12u10 (No fix yet) | 3.2%, Low-Moderate Risk | Post-Exploit |
| CVE-2023-45853 | LOW 3.53 | zlib1g 1:1.2.13.dfsg-1 (No fix yet) | 2.9%, Low-Moderate Risk | Post-Exploit |
| CVE-2022-46337 | LOW 3.53 | org.apache.derby:derby 10.14.2.0 (fixed in 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0) | 1.4%, Low-Moderate Risk | Post-Exploit |
| CVE-2026-4438 | LOW 3.4 | libc6 2.36-9+deb12u10 (fixed in 2.36-9+deb12u14) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-49128 | LOW 3.4 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.13.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW 3.4 | io.netty:netty-transport-native-epoll 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW 3.4 | io.netty:netty-transport-native-kqueue 4.1.108.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-27363 | LOW 3.35 | libfreetype6 2.12.1+dfsg-5+deb12u3 (fixed in 2.12.1+dfsg-5+deb12u4) | 23.4%, High Exploitation Risk | Post-Exploit |
| CVE-2019-1010023 | LOW 3.17 | libc6 2.36-9+deb12u10 (No fix yet) | 3.1%, Low-Moderate Risk | Post-Exploit |
| CVE-2025-48734 | LOW 3.17 | commons-beanutils:commons-beanutils 1.9.4 (fixed in 1.11.0) | 1.5%, Low-Moderate Risk | Post-Exploit |
| CVE-2026-41080 | LOW 3.15 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-3360 | LOW 3.15 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u6) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2025-7039 | LOW 3.15 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u7) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-0988 | LOW 3.15 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u9) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW 3.15 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2022-40152 | LOW 3.1 | com.fasterxml.woodstox:woodstox-core 5.3.0 (fixed in 6.4.0, 5.4.0) | 19.5%, High Exploitation Risk | Post-Exploit |
| CVE-2022-40152 | LOW 3.1 | com.fasterxml.woodstox:woodstox-core 6.2.4 (fixed in 6.4.0, 5.4.0) | 19.5%, High Exploitation Risk | Post-Exploit |
| CVE-2021-33813 | LOW 3.1 | org.jdom:jdom2 2.0.6 (fixed in 2.0.6.1) | 19.4%, High Exploitation Risk | Post-Exploit |
| CVE-2020-8908 | LOW 2.8 | com.google.guava:guava 14.0.1 (fixed in 32.0.0-android) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW 2.8 | com.google.guava:guava 30.1.1-jre (fixed in 32.0.0-android) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW 2.46 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW 2.46 | openjdk-17-jre-headless 17.0.14+7-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-1485 | LOW 2.38 | libglib2.0-0 2.74.6-2+deb12u5 (fixed in 2.74.6-2+deb12u9) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2022-2047 | LOW 2.29 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 9.4.47, 10.0.10, 11.0.10) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-24515 | LOW 2.12 | libexpat1 2.5.0-1+deb12u1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | NONE 0 | commons-lang:commons-lang 2.5 (No fix yet) | 2.2%, Low-Moderate Risk | Not Applicable |
| CVE-2025-48924 | NONE 0 | commons-lang:commons-lang 2.6 (No fix yet) | 2.2%, Low-Moderate Risk | Not Applicable |
| CVE-2026-50593 | NONE 0 | libgraphite2-3 1.3.14-1 (No fix yet) | 0.1%, Theoretical Threat | Not Applicable |
| CVE-2025-29070 | NONE 0 | liblcms2-2 2.14-2 (No fix yet) | 0.8%, Theoretical Threat | Not Applicable |
| CVE-2026-53613 | NONE 0 | libuuid1 2.38.1-5+deb12u3 (No fix yet) |  | Not Applicable |
| CVE-2026-53615 | NONE 0 | libuuid1 2.38.1-5+deb12u3 (No fix yet) |  | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.21.1, 2.18.6) |  | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.13.2 (fixed in 2.21.1, 2.18.6) |  | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.13.4 (fixed in 2.21.1, 2.18.6) |  | Not Applicable |
| CVE-2024-36114 | NONE 0 | io.airlift:aircompressor 0.21 (fixed in 0.27) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE 0 | io.netty:netty-codec 4.1.108.Final (fixed in 4.1.133.Final) | 0.4%, Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE 0 | org.apache.commons:commons-configuration2 2.10.1 (fixed in 2.15.0) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE 0 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.15.0) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-23906 | NONE 0 | org.apache.druid.extensions:druid-basic-security 31.0.2 (fixed in 36.0.0) | 1.0%, Low-Moderate Risk | Not Applicable |
| CVE-2024-23454 | NONE 0 | org.apache.hadoop:hadoop-common 3.3.6 (fixed in 3.4.0) | 0.4%, Theoretical Threat | Not Applicable |
| CVE-2026-33558 | NONE 0 | org.apache.kafka:kafka-clients 2.8.1 (fixed in 3.9.2, 4.0.1) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-33558 | NONE 0 | org.apache.kafka:kafka-clients 3.9.0 (fixed in 3.9.2, 4.0.1) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2025-59059 | NONE 0 | org.apache.ranger:ranger-plugins-common 2.4.0 (fixed in 2.8.0) | 1.2%, Low-Moderate Risk | Not Applicable |
| CVE-2026-45300 | NONE 0 | org.asynchttpclient:async-http-client 2.5.3 (fixed in 3.0.10, 2.15.0) | 0.3%, Theoretical Threat | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE 0 | org.eclipse.jetty:jetty-xml 9.4.43.v20210629 (fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823) |  | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE 0 | org.eclipse.jetty:jetty-xml 9.4.51.v20230217 (fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823) |  | Not Applicable |