This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution, HTTP request smuggling, or denial of service by exploiting vulnerabilities like CVE-2024-47561, which directly impacts Druid's Avro data ingestion. Upgrading to patched versions of affected packages is the only complete remediation; no compensating controls fully eliminate these risks.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2024-47561 | HIGH8.8 | org.apache.avro:avro 1.7.7 fixed in 1.11.4 | 3.3% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2025-14087 | HIGH8.33 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u8 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42579 | HIGH7.73 | io.netty:netty-codec-dns 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42584 | HIGH7.73 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH7.73 | org.eclipse.jetty:jetty-http 12.0.25 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH7.73 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH7.73 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-25638 | HIGH7.57 | dnsjava:dnsjava 2.1.7 fixed in 3.6.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2018-20796 | HIGH7.5 | libc6 2.36-9+deb12u13 No fix yet | 5.8% Low-Moderate Risk | Directly Exposed |
| CVE-2019-9192 | HIGH7.5 | libc6 2.36-9+deb12u13 No fix yet | 2.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-28757 | HIGH7.5 | libexpat1 2.5.0-1+deb12u2 No fix yet | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-25193 | HIGH7.5 | libharfbuzz0b 6.0.0+dfsg-3 No fix yet | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2026-33416 | HIGH7.5 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u4 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 fixed in 2.12.7.1, 2.13.4.2 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 fixed in 2.12.7.1, 2.13.4 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 fixed in 2.12.7.1, 2.13.4.2 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 fixed in 2.12.7.1, 2.13.4 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-7254 | HIGH7.5 | com.google.protobuf:protobuf-java 3.7.1 fixed in 3.25.5, 4.27.5, 4.28.2 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-3171 | HIGH7.5 | com.google.protobuf:protobuf-java 3.7.1 fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3635 | HIGH7.5 | com.squareup.okio:okio 2.8.0 fixed in 3.4.0, 1.17.6 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH7.5 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 5.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH7.5 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 6.3% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH7.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 5.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH7.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 6.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-26464 | HIGH7.5 | log4j:log4j 1.2.17 fixed in 2.0 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-31684 | HIGH7.5 | net.minidev:json-smart 1.3.2 fixed in 1.3.3, 2.4.4 | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-1370 | HIGH7.5 | net.minidev:json-smart 1.3.2 fixed in 2.4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39410 | HIGH7.5 | org.apache.avro:avro 1.7.7 fixed in 1.11.3 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH7.5 | org.apache.thrift:libthrift 0.13.0 fixed in 0.14.0 | 6.8% Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH7.5 | org.apache.thrift:libthrift 0.6.1 fixed in 0.9.3-1, 0.12.0 | 8.2% Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH7.5 | org.apache.thrift:libthrift 0.6.1 fixed in 0.13.0 | 9.1% Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH7.5 | org.apache.thrift:libthrift 0.9.3 fixed in 0.9.3-1, 0.12.0 | 8.2% Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH7.5 | org.apache.thrift:libthrift 0.9.3 fixed in 0.13.0 | 9.1% Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH7.5 | org.apache.thrift:libthrift 0.9.3 fixed in 0.14.0 | 6.8% Low-Moderate Risk | Directly Exposed |
| CVE-2026-24308 | HIGH7.5 | org.apache.zookeeper:zookeeper 3.8.4 fixed in 3.9.5, 3.8.6 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH7.5 | org.codehaus.jettison:jettison 1.1 fixed in 1.5.2 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH7.5 | org.codehaus.jettison:jettison 1.1 fixed in 1.5.2 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH7.5 | org.codehaus.jettison:jettison 1.1 fixed in 1.5.2 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH7.5 | org.codehaus.jettison:jettison 1.1 fixed in 1.5.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH7.5 | org.codehaus.jettison:jettison 1.1 fixed in 1.5.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH7.5 | org.codehaus.jettison:jettison 1.3.1 fixed in 1.5.2 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH7.5 | org.codehaus.jettison:jettison 1.3.1 fixed in 1.5.2 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH7.5 | org.codehaus.jettison:jettison 1.3.1 fixed in 1.5.2 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH7.5 | org.codehaus.jettison:jettison 1.3.1 fixed in 1.5.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH7.5 | org.codehaus.jettison:jettison 1.3.1 fixed in 1.5.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41404 | HIGH7.5 | org.ini4j:ini4j 0.5.4 No fix yet | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34455 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.2 fixed in 1.1.10.1 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-43642 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.2 fixed in 1.1.10.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34453 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.2 fixed in 1.1.10.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34454 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.2 fixed in 1.1.10.1 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2025-67030 | HIGH7.48 | org.codehaus.plexus:plexus-utils 3.1.0 fixed in 4.0.3, 3.6.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-0861 | MEDIUM6.88 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-25646 | MEDIUM6.88 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u3 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2021-21295 | MEDIUM6.79 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 18.9% High Exploitation Risk | Directly Exposed |
| CVE-2021-21295 | MEDIUM6.79 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 18.9% High Exploitation Risk | Directly Exposed |
| CVE-2026-25210 | MEDIUM6.63 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22801 | MEDIUM6.63 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u2 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-13601 | MEDIUM6.54 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2021-37533 | MEDIUM6.5 | commons-net:commons-net 3.6 fixed in 3.9.0 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM6.5 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM6.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2018-11798 | MEDIUM6.5 | org.apache.thrift:libthrift 0.9.3 fixed in 0.12.0 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-33636 | MEDIUM6.46 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45186 | MEDIUM6.38 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41254 | MEDIUM6.38 | liblcms2-2 2.14-2 fixed in 2.14-2+deb12u1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-21945 | MEDIUM6.38 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.18+8-1~deb12u1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM6.38 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2022-3509 | MEDIUM6.38 | com.google.protobuf:protobuf-java 3.7.1 fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2022-3510 | MEDIUM6.38 | com.google.protobuf:protobuf-java 3.7.1 fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2023-52428 | MEDIUM6.38 | com.nimbusds:nimbus-jose-jwt 9.8.1 fixed in 9.37.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-67721 | MEDIUM6.38 | io.airlift:aircompressor 0.21 fixed in 2.0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-67721 | MEDIUM6.38 | io.airlift:aircompressor 0.27 fixed in 2.0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-67721 | MEDIUM6.38 | io.airlift:aircompressor 2.0.2 fixed in 2.0.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM6.38 | io.grpc:grpc-netty-shaded 1.59.0 fixed in 1.75.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.6.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.6.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.2.6.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.22.1 fixed in 2.25.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.22.1 fixed in 2.25.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.22.1 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.78.1 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | MEDIUM6.38 | org.bouncycastle:bcprov-jdk18on 1.78.1 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-1605 | MEDIUM6.38 | org.eclipse.jetty:jetty-server 12.0.25 fixed in 12.1.6, 12.0.32 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-66566 | MEDIUM6.38 | org.lz4:lz4-java 1.8.0 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66453 | MEDIUM6.38 | org.mozilla:rhino 1.7.14 fixed in 1.7.14.1, 1.7.15.1, 1.8.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM6.38 | org.postgresql:postgresql 42.7.2 fixed in 42.7.11 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-21932 | MEDIUM6.29 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.18+8-1~deb12u1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-24281 | MEDIUM6.29 | org.apache.zookeeper:zookeeper 3.8.4 fixed in 3.8.6, 3.9.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM6.21 | org.apache.thrift:libthrift 0.13.0 fixed in 0.23.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM6.21 | org.apache.thrift:libthrift 0.6.1 fixed in 0.23.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM6.21 | org.apache.thrift:libthrift 0.9.3 fixed in 0.23.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-64720 | MEDIUM6.03 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-65018 | MEDIUM6.03 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-66293 | MEDIUM6.03 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22695 | MEDIUM6.03 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 14.0.1 fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 30.1.1-jre fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2018-10237 | MEDIUM5.9 | com.google.guava:guava 14.0.1 fixed in 24.1.1-android | 5.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM5.9 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM5.9 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-35554 | MEDIUM5.78 | org.apache.kafka:kafka-clients 3.9.1 fixed in 3.9.2, 4.0.2, 4.1.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-40490 | MEDIUM5.78 | org.asynchttpclient:async-http-client 3.0.2 fixed in 3.0.9, 2.14.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | libc6 2.36-9+deb12u13 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-14512 | MEDIUM5.52 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u8 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.8.Final, 4.1.129.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.78.1 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM5.52 | org.eclipse.jetty:jetty-http 12.0.25 fixed in 12.0.31, 12.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM5.52 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 fixed in 12.0.31, 12.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM5.52 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 fixed in 12.0.31, 12.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-12183 | MEDIUM5.52 | org.lz4:lz4-java 1.8.0 fixed in 1.8.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-40458 | MEDIUM5.52 | org.pac4j:pac4j-core 5.7.3 fixed in 5.7.10, 6.4.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2021-29425 | MEDIUM5.52 | commons-io:commons-io 2.4 fixed in 2.7 | 10.6% High Exploitation Risk | Directly Exposed |
| CVE-2021-22569 | MEDIUM5.5 | com.google.protobuf:protobuf-java 3.7.1 fixed in 3.16.1, 3.18.2, 3.19.2 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM5.5 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM5.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010024 | MEDIUM5.3 | libc6 2.36-9+deb12u13 No fix yet | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010025 | MEDIUM5.3 | libc6 2.36-9+deb12u13 No fix yet | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-59375 | MEDIUM5.3 | libexpat1 2.5.0-1+deb12u2 No fix yet | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-13956 | MEDIUM5.3 | org.apache.httpcomponents:httpclient 4.5.2 fixed in 4.5.13, 5.0.3 | 8.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM5.3 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM5.3 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-28162 | MEDIUM5.27 | libpng16-16 1.6.39-2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-64506 | MEDIUM5.18 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-14104 | MEDIUM5.18 | libuuid1 2.38.1-5+deb12u3 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-21933 | MEDIUM5.18 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.18+8-1~deb12u1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22227 | MEDIUM5.18 | io.projectreactor.netty:reactor-netty-http 1.0.48 fixed in 1.3.0-M5, 1.2.8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | libc6 2.36-9+deb12u13 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM5.02 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM5.02 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.22.1 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2012-0039 | MEDIUM5 | libglib2.0-0 2.74.6-2+deb12u7 No fix yet | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 10.0.1 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 9.37.2 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 9.40 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 9.8.1 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | gcc-12-base 12.2.0-14+deb12u1 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM4.67 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32776 | MEDIUM4.67 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-32777 | MEDIUM4.67 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32778 | MEDIUM4.67 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2023-52426 | MEDIUM4.67 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libgcc-s1 12.2.0-14+deb12u1 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2021-4214 | MEDIUM4.67 | libpng16-16 1.6.39-2 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libstdc++6 12.2.0-14+deb12u1 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2022-0563 | MEDIUM4.67 | libuuid1 2.38.1-5+deb12u3 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib1g 1:1.2.13.dfsg-1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-23015 | MEDIUM4.67 | org.apache.cassandra:cassandra-all 1.0.8 fixed in 5.0.3, 4.1.8, 4.0.16, 3.11.18, 3.0.31 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM4.67 | org.apache.commons:commons-compress 1.21 fixed in 1.26.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM4.67 | org.apache.commons:commons-compress 1.21 fixed in 1.26.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-1489 | MEDIUM4.59 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2019-17571 | MEDIUM4.58 | log4j:log4j 1.2.17 No fix yet | 69.1% Actively Exploited | Post-Exploit |
| CVE-2022-23305 | MEDIUM4.58 | log4j:log4j 1.2.17 No fix yet | 67.5% Actively Exploited | Post-Exploit |
| CVE-2022-1471 | MEDIUM4.58 | org.yaml:snakeyaml 1.33 fixed in 2.0 | 99.6% Actively Exploited | Post-Exploit |
| CVE-2026-0915 | MEDIUM4.5 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-22693 | MEDIUM4.5 | libharfbuzz0b 6.0.0+dfsg-3 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-3713 | MEDIUM4.5 | libpng16-16 1.6.39-2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-3184 | MEDIUM4.5 | libuuid1 2.38.1-5+deb12u3 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-1002 | MEDIUM4.5 | io.vertx:vertx-core 4.5.14 fixed in 4.5.24, 5.0.7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6860 | MEDIUM4.5 | io.vertx:vertx-core 4.5.14 fixed in 4.5.27, 5.0.12 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-8916 | MEDIUM4.5 | org.bouncycastle:bcpkix-jdk18on 1.78.1 fixed in 1.79 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM4.5 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM4.5 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2024-29131 | MEDIUM4.4 | org.apache.commons:commons-configuration2 2.1.1 fixed in 2.10.1 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM4.4 | org.apache.commons:commons-configuration2 2.1.1 fixed in 2.10.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29131 | MEDIUM4.4 | org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM4.4 | org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM4.3 | commons-io:commons-io 2.4 fixed in 2.14.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM4.3 | commons-io:commons-io 2.8.0 fixed in 2.14.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2021-44521 | MEDIUM4.26 | org.apache.cassandra:cassandra-all 1.0.8 fixed in 3.0.26, 3.11.12, 4.0.2 | 54.9% Actively Exploited | Post-Exploit |
| CVE-2026-5450 | MEDIUM4.25 | libc6 2.36-9+deb12u13 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | libc6 2.36-9+deb12u13 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-28164 | MEDIUM4.25 | libpng16-16 1.6.39-2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2022-23307 | MEDIUM4.12 | log4j:log4j 1.2.17 No fix yet | 52.5% Actively Exploited | Post-Exploit |
| CVE-2022-23302 | MEDIUM4.12 | log4j:log4j 1.2.17 No fix yet | 61.8% Actively Exploited | Post-Exploit |
| CVE-2026-21925 | MEDIUM4.08 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.18+8-1~deb12u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.22.1 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid1 2.38.1-5+deb12u3 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2010-4756 | MEDIUM4 | libc6 2.36-9+deb12u13 No fix yet | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2019-20445 | LOW3.77 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 13.5% High Exploitation Risk | Post-Exploit |
| CVE-2019-20445 | LOW3.77 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 13.5% High Exploitation Risk | Post-Exploit |
| CVE-2025-64505 | LOW3.74 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34757 | LOW3.74 | libpng16-16 1.6.39-2 fixed in 1.6.39-2+deb12u5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.12.0 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-1484 | LOW3.57 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2019-1010022 | LOW3.53 | libc6 2.36-9+deb12u13 No fix yet | 3.2% Low-Moderate Risk | Post-Exploit |
| CVE-2023-45853 | LOW3.53 | zlib1g 1:1.2.13.dfsg-1 No fix yet | 2.9% Low-Moderate Risk | Post-Exploit |
| CVE-2022-46337 | LOW3.53 | org.apache.derby:derby 10.14.2.0 fixed in 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2021-4104 | LOW3.51 | log4j:log4j 1.2.17 No fix yet | 81.1% Actively Exploited | Post-Exploit |
| CVE-2026-4438 | LOW3.4 | libc6 2.36-9+deb12u13 fixed in 2.36-9+deb12u14 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-49128 | LOW3.4 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.13.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-kqueue 4.2.6.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2019-20444 | LOW3.28 | io.netty:netty 3.10.5.Final fixed in 4.0.0 | 8.7% Low-Moderate Risk | Post-Exploit |
| CVE-2019-20444 | LOW3.28 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 8.7% Low-Moderate Risk | Post-Exploit |
| CVE-2019-1010023 | LOW3.17 | libc6 2.36-9+deb12u13 No fix yet | 3.1% Low-Moderate Risk | Post-Exploit |
| CVE-2025-48734 | LOW3.17 | commons-beanutils:commons-beanutils 1.9.4 fixed in 1.11.0 | 1.5% Low-Moderate Risk | Post-Exploit |
| CVE-2026-41080 | LOW3.15 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0988 | LOW3.15 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u9 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2022-40152 | LOW3.1 | com.fasterxml.woodstox:woodstox-core 5.3.0 fixed in 6.4.0, 5.4.0 | 19.5% High Exploitation Risk | Post-Exploit |
| CVE-2021-33813 | LOW3.1 | org.jdom:jdom2 2.0.6 fixed in 2.0.6.1 | 19.4% High Exploitation Risk | Post-Exploit |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 14.0.1 fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 30.1.1-jre fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk-17-jre-headless 17.0.17+10-1~deb12u1 fixed in 17.0.19+10-1~deb12u2 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-1485 | LOW2.38 | libglib2.0-0 2.74.6-2+deb12u7 fixed in 2.74.6-2+deb12u9 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2022-2047 | LOW2.29 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 fixed in 9.4.47, 10.0.10, 11.0.10 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-24515 | LOW2.12 | libexpat1 2.5.0-1+deb12u2 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | NONE0 | commons-lang:commons-lang 2.5 No fix yet | 2.2% Low-Moderate Risk | Not Applicable |
| CVE-2025-48924 | NONE0 | commons-lang:commons-lang 2.6 No fix yet | 2.2% Low-Moderate Risk | Not Applicable |
| CVE-2026-50593 | NONE0 | libgraphite2-3 1.3.14-1 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2025-29070 | NONE0 | liblcms2-2 2.14-2 No fix yet | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-53613 | NONE0 | libuuid1 2.38.1-5+deb12u3 No fix yet | — | Not Applicable |
| CVE-2026-53615 | NONE0 | libuuid1 2.38.1-5+deb12u3 No fix yet | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.18.1 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.19.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2024-36114 | NONE0 | io.airlift:aircompressor 0.21 fixed in 0.27 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec-compression 4.2.6.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42577 | NONE0 | io.netty:netty-transport-native-epoll 4.2.6.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE0 | org.apache.commons:commons-configuration2 2.10.1 fixed in 2.15.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE0 | org.apache.commons:commons-configuration2 2.8.0 fixed in 2.15.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-23906 | NONE0 | org.apache.druid.extensions:druid-basic-security 35.0.0 fixed in 36.0.0 | 1.0% Low-Moderate Risk | Not Applicable |
| CVE-2024-23454 | NONE0 | org.apache.hadoop:hadoop-common 3.3.6 fixed in 3.4.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-33558 | NONE0 | org.apache.kafka:kafka-clients 3.9.1 fixed in 3.9.2, 4.0.1 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-59059 | NONE0 | org.apache.ranger:ranger-plugins-common 2.7.0 fixed in 2.8.0 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2026-45300 | NONE0 | org.asynchttpclient:async-http-client 3.0.2 fixed in 3.0.10, 2.15.0 | 0.3% Theoretical Threat | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE0 | org.eclipse.jetty:jetty-xml 9.4.43.v20210629 fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 | — | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE0 | org.eclipse.jetty:jetty-xml 9.4.51.v20230217 fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 | — | Not Applicable |