Vulnerability Report: apache/druid:37.0.0

DIGEST: sha256:0116fb802786649fc3635d6d4ab5be4da8abee3edafbe95c7f358a564d4c82e8

Executive Summary

Threat Score: 100/100 (DANGEROUS)
Reputation: RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit multiple HTTP request smuggling vulnerabilities (e.g., CVE-2019-20445, CVE-2026-42581) to poison caches, hijack sessions, or access sensitive data. With 196 exposed vulnerabilities including 47 of high severity, the attack surface is unacceptably large for any production workload.

Vulnerabilities

Vulnerability Log

212 total
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2019-20445 | CRITICAL 10 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 13.5%, High Exploitation Risk | Directly Exposed; Context importance: HIGH |
| CVE-2019-20445 | CRITICAL 10 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 13.5%, High Exploitation Risk | Directly Exposed; Context importance: HIGH |
| CVE-2019-20444 | CRITICAL 9.1 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 8.7%, Low-Moderate Risk | Directly Exposed; Context importance: HIGH |
| CVE-2019-20444 | CRITICAL 9.1 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 8.7%, Low-Moderate Risk | Directly Exposed; Context importance: HIGH |
| CVE-2026-42581 | HIGH 8.33 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed; Context importance: HIGH |
| CVE-2026-42579 | HIGH 7.73 | io.netty:netty-codec-dns 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-42584 | HIGH 7.73 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH 7.73 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.1.7, 12.0.33) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH 7.73 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.1.7, 12.0.33) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-25638 | HIGH 7.57 | dnsjava:dnsjava 2.1.7 (fixed in 3.6.0) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2018-20796 | HIGH 7.5 | libc6 2.36-9+deb12u13 (No fix yet) | 5.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-9192 | HIGH 7.5 | libc6 2.36-9+deb12u13 (No fix yet) | 2.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-28757 | HIGH 7.5 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 2.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-25193 | HIGH 7.5 | libharfbuzz0b 6.0.0+dfsg-3 (No fix yet) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-33416 | HIGH 7.5 | libpng16-16 1.6.39-2+deb12u3 (fixed in 1.6.39-2+deb12u4) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 (fixed in 2.12.7.1, 2.13.4.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.12.7 (fixed in 2.12.7.1, 2.13.4) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 (fixed in 2.12.7.1, 2.13.4.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH 7.5 | com.fasterxml.jackson.core:jackson-databind 2.13.2.2 (fixed in 2.12.7.1, 2.13.4) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-7254 | HIGH 7.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.25.5, 4.27.5, 4.28.2) | 2.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-3171 | HIGH 7.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH 7.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 5.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH 7.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 6.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH 7.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 5.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH 7.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 6.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-26464 | HIGH 7.5 | log4j:log4j 1.2.17 (fixed in 2.0) | 1.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-31684 | HIGH 7.5 | net.minidev:json-smart 1.3.2 (fixed in 1.3.3, 2.4.4) | 2.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1370 | HIGH 7.5 | net.minidev:json-smart 1.3.2 (fixed in 2.4.9) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-39410 | HIGH 7.5 | org.apache.avro:avro 1.7.7 (fixed in 1.11.3) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH 7.5 | org.apache.thrift:libthrift 0.13.0 (fixed in 0.14.0) | 6.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH 7.5 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.9.3-1, 0.12.0) | 8.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH 7.5 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.13.0) | 9.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-1320 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.9.3-1, 0.12.0) | 8.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-0205 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.13.0) | 9.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH 7.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.14.0) | 6.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.4) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH 7.5 | org.codehaus.jettison:jettison 1.1 (fixed in 1.5.1) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40150 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45685 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-45693 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.2) | 1.4%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-1436 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.4) | 1.0%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-40149 | HIGH 7.5 | org.codehaus.jettison:jettison 1.3.1 (fixed in 1.5.1) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2022-41404 | HIGH 7.5 | org.ini4j:ini4j 0.5.4 (No fix yet) | 1.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-47561 | HIGH 7.04 | org.apache.avro:avro 1.7.7 (fixed in 1.11.4) | 3.3%, Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-0861 | MEDIUM 6.88 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM 6.88 | io.netty:netty-handler 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-45674 | MEDIUM 6.8 | io.netty:netty-resolver-dns 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-47691 | MEDIUM 6.8 | io.netty:netty-resolver-dns 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2021-21295 | MEDIUM 6.79 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 18.9%, High Exploitation Risk | Directly Exposed |
| CVE-2021-21295 | MEDIUM 6.79 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 18.9%, High Exploitation Risk | Directly Exposed |
| CVE-2026-25210 | MEDIUM 6.63 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2021-37533 | MEDIUM 6.5 | commons-net:commons-net 3.6 (fixed in 3.9.0) | 1.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM 6.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM 6.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 2.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2018-11798 | MEDIUM 6.5 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.12.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-33636 | MEDIUM 6.46 | libpng16-16 1.6.39-2+deb12u3 (fixed in 1.6.39-2+deb12u4) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-45186 | MEDIUM 6.38 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-41254 | MEDIUM 6.38 | liblcms2-2 2.14-2 (fixed in 2.14-2+deb12u1) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM 6.38 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM 6.38 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM 6.38 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.15.0) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM 6.38 | com.fasterxml.jackson.core:jackson-core 2.13.2 (fixed in 2.15.0) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2022-3509 | MEDIUM 6.38 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2022-3510 | MEDIUM 6.38 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2023-52428 | MEDIUM 6.38 | com.nimbusds:nimbus-jose-jwt 9.8.1 (fixed in 9.37.2) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM 6.38 | io.grpc:grpc-netty-shaded 1.59.0 (fixed in 1.75.0) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM 6.38 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM 6.38 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM 6.38 | io.netty:netty-codec-http2 4.2.12.Final (fixed in 4.1.135.Final, 4.2.15.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM 6.38 | io.netty:netty-handler 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM 6.38 | io.netty:netty-handler 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM 6.38 | io.netty:netty-handler-proxy 4.2.12.Final (fixed in 4.1.133.Final, 4.2.13.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-1.2-api 2.25.3 (fixed in 2.25.4) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-34478 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-core 2.25.3 (fixed in 2.25.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM 6.38 | org.apache.logging.log4j:log4j-core 2.25.3 (fixed in 2.25.4) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM 6.38 | org.bouncycastle:bcpkix-jdk18on 1.82 (fixed in 1.84) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-5598 | MEDIUM 6.38 | org.bouncycastle:bcprov-jdk18on 1.82 (fixed in 1.84) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM 6.38 | org.postgresql:postgresql 42.7.2 (fixed in 42.7.11) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.13.0 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.6.1 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM 6.21 | org.apache.thrift:libthrift 0.9.3 (fixed in 0.23.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM 6.03 | com.google.guava:guava 14.0.1 (fixed in 32.0.0-android) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM 6.03 | com.google.guava:guava 30.1.1-jre (fixed in 32.0.0-android) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2018-10237 | MEDIUM 5.9 | com.google.guava:guava 14.0.1 (fixed in 24.1.1-android) | 5.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM 5.9 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM 5.9 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 4.9%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM 5.78 | io.netty:netty-resolver-dns 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-35554 | MEDIUM 5.78 | org.apache.kafka:kafka-clients 3.9.1 (fixed in 3.9.2, 4.0.2, 4.1.2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-40490 | MEDIUM 5.78 | org.asynchttpclient:async-http-client 3.0.2 (fixed in 3.0.9, 2.14.5) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM 5.52 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM 5.52 | libc6 2.36-9+deb12u13 (No fix yet) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM 5.52 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.1.133.Final, 4.2.13.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM 5.52 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.13.Final, 4.1.133.Final) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM 5.52 | org.bouncycastle:bcprov-jdk18on 1.82 (fixed in 1.84) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM 5.52 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.0.31, 12.1.5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM 5.52 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.0.31, 12.1.5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-40458 | MEDIUM 5.52 | org.pac4j:pac4j-core 5.7.3 (fixed in 5.7.10, 6.4.1) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2021-29425 | MEDIUM 5.52 | commons-io:commons-io 2.4 (fixed in 2.7) | 10.6%, High Exploitation Risk | Directly Exposed |
| CVE-2021-22569 | MEDIUM 5.5 | com.google.protobuf:protobuf-java 3.7.1 (fixed in 3.16.1, 3.18.2, 3.19.2) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM 5.5 | io.netty:netty 3.10.5.Final (fixed in 4.0.0) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-21290 | MEDIUM 5.5 | io.netty:netty 3.10.6.Final (fixed in 4.0.0) | 1.8%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010024 | MEDIUM 5.3 | libc6 2.36-9+deb12u13 (No fix yet) | 3.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2019-1010025 | MEDIUM 5.3 | libc6 2.36-9+deb12u13 (No fix yet) | 2.3%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-59375 | MEDIUM 5.3 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2020-13956 | MEDIUM 5.3 | org.apache.httpcomponents:httpclient 4.5.2 (fixed in 4.5.13, 5.0.3) | 8.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM 5.3 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2023-40167 | MEDIUM 5.3 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1) | 1.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-28162 | MEDIUM 5.27 | libpng16-16 1.6.39-2+deb12u3 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2025-14104 | MEDIUM 5.18 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-22227 | MEDIUM 5.18 | io.projectreactor.netty:reactor-netty-http 1.0.48 (fixed in 1.3.0-M5, 1.2.8) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM 5.02 | libc6 2.36-9+deb12u13 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM 5.02 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM 5.02 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM 5.02 | org.apache.logging.log4j:log4j-core 2.25.3 (fixed in 2.25.4) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2012-0039 | MEDIUM 5 | libglib2.0-0 2.74.6-2+deb12u8 (No fix yet) | 2.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 10.0.1 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 9.37.2 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 9.40 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM 4.93 | com.nimbusds:nimbus-jose-jwt 9.8.1 (fixed in 10.0.2, 9.37.4) | 0.8%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | gcc-12-base 12.2.0-14+deb12u1 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-32776 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-32777 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-32778 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2023-52426 | MEDIUM 4.67 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libgcc-s1 12.2.0-14+deb12u1 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2021-4214 | MEDIUM 4.67 | libpng16-16 1.6.39-2+deb12u3 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM 4.67 | libstdc++6 12.2.0-14+deb12u1 (No fix yet) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2022-0563 | MEDIUM 4.67 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM 4.67 | zlib1g 1:1.2.13.dfsg-1 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-23015 | MEDIUM 4.67 | org.apache.cassandra:cassandra-all 1.0.8 (fixed in 5.0.3, 4.1.8, 4.0.16, 3.11.18, 3.0.31) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM 4.67 | org.apache.commons:commons-compress 1.21 (fixed in 1.26.0) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM 4.67 | org.apache.commons:commons-compress 1.21 (fixed in 1.26.0) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-1489 | MEDIUM 4.59 | libglib2.0-0 2.74.6-2+deb12u8 (fixed in 2.74.6-2+deb12u9) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2019-17571 | MEDIUM 4.58 | log4j:log4j 1.2.17 (No fix yet) | 69.1%, Actively Exploited | Post-Exploit |
| CVE-2022-23305 | MEDIUM 4.58 | log4j:log4j 1.2.17 (No fix yet) | 67.5%, Actively Exploited | Post-Exploit |
| CVE-2022-1471 | MEDIUM 4.58 | org.yaml:snakeyaml 1.33 (fixed in 2.0) | 99.6%, Actively Exploited | Post-Exploit |
| CVE-2026-0915 | MEDIUM 4.5 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.6%, Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM 4.5 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22693 | MEDIUM 4.5 | libharfbuzz0b 6.0.0+dfsg-3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-3713 | MEDIUM 4.5 | libpng16-16 1.6.39-2+deb12u3 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-3184 | MEDIUM 4.5 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM 4.5 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM 4.5 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM 4.5 | io.netty:netty-codec-http 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM 4.5 | io.netty:netty-codec-http2 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM 4.5 | io.netty:netty-codec-http2 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-6860 | MEDIUM 4.5 | io.vertx:vertx-core 4.5.24 (fixed in 4.5.27, 5.0.12) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 12.0.12) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM 4.5 | org.eclipse.jetty:jetty-http 9.4.51.v20230217 (fixed in 12.0.12) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2024-29131 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.1.1 (fixed in 2.10.1) | 2.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.1.1 (fixed in 2.10.1) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29131 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.10.1) | 2.1%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-29133 | MEDIUM 4.4 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.10.1) | 1.7%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM 4.3 | commons-io:commons-io 2.4 (fixed in 2.14.0) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM 4.3 | commons-io:commons-io 2.8.0 (fixed in 2.14.0) | 1.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2021-44521 | MEDIUM 4.26 | org.apache.cassandra:cassandra-all 1.0.8 (fixed in 3.0.26, 3.11.12, 4.0.2) | 54.9%, Actively Exploited | Post-Exploit |
| CVE-2026-5450 | MEDIUM 4.25 | libc6 2.36-9+deb12u13 (No fix yet) | 0.5%, Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM 4.25 | libc6 2.36-9+deb12u13 (No fix yet) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2025-28164 | MEDIUM 4.25 | libpng16-16 1.6.39-2+deb12u3 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2022-23307 | MEDIUM 4.12 | log4j:log4j 1.2.17 (No fix yet) | 52.5%, Actively Exploited | Post-Exploit |
| CVE-2022-23302 | MEDIUM 4.12 | log4j:log4j 1.2.17 (No fix yet) | 61.8%, Actively Exploited | Post-Exploit |
| CVE-2026-27456 | MEDIUM 4 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2010-4756 | MEDIUM 4 | libc6 2.36-9+deb12u13 (No fix yet) | 2.6%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-34757 | LOW 3.74 | libpng16-16 1.6.39-2+deb12u3 (fixed in 1.6.39-2+deb12u5) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | LOW 3.7 | org.apache.commons:commons-lang3 3.12.0 (fixed in 3.18.0) | 2.2%, Low-Moderate Risk | Directly Exposed |
| CVE-2026-1484 | LOW 3.57 | libglib2.0-0 2.74.6-2+deb12u8 (fixed in 2.74.6-2+deb12u9) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2019-1010022 | LOW 3.53 | libc6 2.36-9+deb12u13 (No fix yet) | 3.2%, Low-Moderate Risk | Post-Exploit |
| CVE-2023-45853 | LOW 3.53 | zlib1g 1:1.2.13.dfsg-1 (No fix yet) | 2.9%, Low-Moderate Risk | Post-Exploit |
| CVE-2022-46337 | LOW 3.53 | org.apache.derby:derby 10.14.2.0 (fixed in 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0) | 1.4%, Low-Moderate Risk | Post-Exploit |
| CVE-2021-4104 | LOW 3.51 | log4j:log4j 1.2.17 (No fix yet) | 81.1%, Actively Exploited | Post-Exploit |
| CVE-2026-4438 | LOW 3.4 | libc6 2.36-9+deb12u13 (fixed in 2.36-9+deb12u14) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-49128 | LOW 3.4 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.13.0) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW 3.4 | io.netty:netty-transport-native-epoll 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW 3.4 | io.netty:netty-transport-native-kqueue 4.2.12.Final (fixed in 4.2.15.Final, 4.1.135.Final) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2019-1010023 | LOW 3.17 | libc6 2.36-9+deb12u13 (No fix yet) | 3.1%, Low-Moderate Risk | Post-Exploit |
| CVE-2025-48734 | LOW 3.17 | commons-beanutils:commons-beanutils 1.9.4 (fixed in 1.11.0) | 1.5%, Low-Moderate Risk | Post-Exploit |
| CVE-2026-41080 | LOW 3.15 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-0988 | LOW 3.15 | libglib2.0-0 2.74.6-2+deb12u8 (fixed in 2.74.6-2+deb12u9) | 0.4%, Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW 3.15 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.3%, Theoretical Threat | Directly Exposed |
| CVE-2022-40152 | LOW 3.1 | com.fasterxml.woodstox:woodstox-core 5.3.0 (fixed in 6.4.0, 5.4.0) | 19.5%, High Exploitation Risk | Post-Exploit |
| CVE-2021-33813 | LOW 3.1 | org.jdom:jdom2 2.0.6 (fixed in 2.0.6.1) | 19.4%, High Exploitation Risk | Post-Exploit |
| CVE-2020-8908 | LOW 2.8 | com.google.guava:guava 14.0.1 (fixed in 32.0.0-android) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW 2.8 | com.google.guava:guava 30.1.1-jre (fixed in 32.0.0-android) | 1.0%, Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW 2.46 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW 2.46 | openjdk-17-jre-headless 17.0.18+8-1~deb12u1 (fixed in 17.0.19+10-1~deb12u2) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2026-1485 | LOW 2.38 | libglib2.0-0 2.74.6-2+deb12u8 (fixed in 2.74.6-2+deb12u9) | 0.1%, Theoretical Threat | Directly Exposed |
| CVE-2022-2047 | LOW 2.29 | org.eclipse.jetty:jetty-http 9.4.43.v20210629 (fixed in 9.4.47, 10.0.10, 11.0.10) | 0.9%, Theoretical Threat | Directly Exposed |
| CVE-2026-24515 | LOW 2.12 | libexpat1 2.5.0-1+deb12u2 (No fix yet) | 0.2%, Theoretical Threat | Directly Exposed |
| CVE-2025-48924 | NONE 0 | commons-lang:commons-lang 2.5 (No fix yet) | 2.2%, Low-Moderate Risk | Not Applicable |
| CVE-2025-48924 | NONE 0 | commons-lang:commons-lang 2.6 (No fix yet) | 2.2%, Low-Moderate Risk | Not Applicable |
| CVE-2026-50593 | NONE 0 | libgraphite2-3 1.3.14-1 (No fix yet) | 0.1%, Theoretical Threat | Not Applicable |
| CVE-2025-29070 | NONE 0 | liblcms2-2 2.14-2 (No fix yet) | 0.8%, Theoretical Threat | Not Applicable |
| CVE-2026-53613 | NONE 0 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | | Not Applicable |
| CVE-2026-53615 | NONE 0 | libuuid1 2.38.1-5+deb12u3 (No fix yet) | | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.12.7 (fixed in 2.21.1, 2.18.6) | | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.13.2 (fixed in 2.21.1, 2.18.6) | | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.19.2 (fixed in 2.21.1, 2.18.6) | | Not Applicable |
| GHSA-72hv-8253-57qq | NONE 0 | com.fasterxml.jackson.core:jackson-core 2.20.2 (fixed in 2.21.1, 2.18.6) | | Not Applicable |
| CVE-2026-42583 | NONE 0 | io.netty:netty-codec-compression 4.2.12.Final (fixed in 4.2.13.Final) | 0.4%, Theoretical Threat | Not Applicable |
| CVE-2026-42577 | NONE 0 | io.netty:netty-transport-native-epoll 4.2.12.Final (fixed in 4.2.13.Final) | 0.4%, Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE 0 | org.apache.commons:commons-configuration2 2.10.1 (fixed in 2.15.0) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-45205 | NONE 0 | org.apache.commons:commons-configuration2 2.8.0 (fixed in 2.15.0) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2024-23454 | NONE 0 | org.apache.hadoop:hadoop-common 3.3.6 (fixed in 3.4.0) | 0.4%, Theoretical Threat | Not Applicable |
| CVE-2026-33558 | NONE 0 | org.apache.kafka:kafka-clients 3.9.1 (fixed in 3.9.2, 4.0.1) | 0.5%, Theoretical Threat | Not Applicable |
| CVE-2026-45300 | NONE 0 | org.asynchttpclient:async-http-client 3.0.2 (fixed in 3.0.10, 2.15.0) | 0.3%, Theoretical Threat | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE 0 | org.eclipse.jetty:jetty-xml 9.4.43.v20210629 (fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823) | | Not Applicable |
| GHSA-58qw-p7qm-5rvh | NONE 0 | org.eclipse.jetty:jetty-xml 9.4.51.v20230217 (fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823) | | Not Applicable |