Vulnerability Reportapache/zeppelin:0.11.2

apache/zeppelin:0.11.2

DIGESTsha256:42abb8a82ca074c5a419beb69b4f714dc15dfefedb4c4f2a9fa5eb26377a1c30

Executive Summary

Threat ScoreDANGEROUS• Image contains 671 exposed vulnerabilities with maximum severity 10.0, including critical remote code execution flaws.• Critical CVEs such as CVE-2025-59340 (jinjava sandbox bypass) and CVE-2017-17485 (jackson-databind deserialization) allow unauthenticated RCE.• These vulnerabilities are reachable by default via Zeppelin's REST API and user notebooks, requiring no special configuration.• High community reputation and image pinning do not mitigate the severe security risk.

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (4M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can achieve remote code execution by sending malicious template or JSON data to Zeppelin's REST API, leading to full compromise of the container and potentially the host. The image contains over 670 vulnerabilities, with 311 rated CVSS 7 or higher, exposing multiple unauthenticated RCE paths. No compensating controls can fully mitigate these risks, as the vulnerabilities are inherent to the default library stack.

Vulnerabilities

Vulnerability Log

702 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-59340	CRITICAL10	com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.8.1, 2.7.5	2.3% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-59340	CRITICAL10	com.hubspot.jinjava:jinjava 2.5.4 fixed in 2.8.1, 2.7.5	2.3% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2017-17485	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.4, 2.8.11, 2.7.9.2	50.0% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2017-7525	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.6.7.1, 2.7.9.1, 2.8.9	37.9% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2018-14718	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3	12.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2018-19362	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3	10.6% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2018-7489	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5	20.5% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2019-14540	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	10.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-8840	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	26.6% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9547	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9548	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.3% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2019-14540	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	10.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-8840	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	26.6% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9547	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9548	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.3% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2019-14540	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	10.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-8840	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	26.6% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9547	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9548	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.3% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2019-14540	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	10.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-8840	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	26.6% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9547	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.7% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2020-9548	CRITICAL10	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7	18.3% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2017-7657	CRITICAL10	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.25.v20180606, 9.3.24.v20180605	16.2% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2017-7658	CRITICAL10	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.25.v20180606, 9.3.24.v20180605, 9.4.11.v20180605	21.0% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2022-1471	CRITICAL10	org.yaml:snakeyaml 1.15 fixed in 2.0	99.6% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2022-1471	CRITICAL10	org.yaml:snakeyaml 1.28 fixed in 2.0	99.6% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2022-1471	CRITICAL10	org.yaml:snakeyaml 1.9 fixed in 2.0	99.6% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2023-47248	CRITICAL10	pyarrow 10.0.1 fixed in 14.0.1	18.3% High Exploitation Risk	Directly ExposedContext importance: HIGH
CVE-2024-3596	CRITICAL10	libgssapi-krb5-2 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Directly Exposed
CVE-2024-3596	CRITICAL10	libk5crypto3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Directly Exposed
CVE-2024-3596	CRITICAL10	libkrb5-3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Directly Exposed
CVE-2024-3596	CRITICAL10	libkrb5support0 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Directly Exposed
CVE-2022-23307	CRITICAL10	log4j:log4j 1.2.17 No fix yet	52.5% Actively Exploited	Directly Exposed
CVE-2022-23302	CRITICAL10	log4j:log4j 1.2.17 No fix yet	61.8% Actively Exploited	Directly Exposed
CVE-2023-4863	CRITICAL10	Pillow 9.2.0 fixed in 10.0.1	99.7% Actively Exploited	Directly Exposed
CVE-2016-1585	CRITICAL9.8	libapparmor1 2.13.3-7ubuntu5.3build2 fixed in 2.13.3-7ubuntu5.4	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-45491	CRITICAL9.8	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-45492	CRITICAL9.8	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-56171	CRITICAL9.8	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2017-15095	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2	8.4% Low-Moderate Risk	Directly Exposed
CVE-2018-11307	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.7.9.4, 2.8.11.2, 2.9.6	5.7% Low-Moderate Risk	Directly Exposed
CVE-2018-14719	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.7, 2.8.11.3, 2.7.9.5	9.7% Low-Moderate Risk	Directly Exposed
CVE-2019-14379	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6	8.0% Low-Moderate Risk	Directly Exposed
CVE-2019-16335	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-16942	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.7% Low-Moderate Risk	Directly Exposed
CVE-2019-16943	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-17267	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10, 2.8.11.5	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-17531	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.3% Low-Moderate Risk	Directly Exposed
CVE-2019-20330	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	8.6% Low-Moderate Risk	Directly Exposed
CVE-2019-14892	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.6.7.3, 2.8.11.5, 2.9.10	5.4% Low-Moderate Risk	Directly Exposed
CVE-2019-14379	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6	8.0% Low-Moderate Risk	Directly Exposed
CVE-2019-16335	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-16942	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.7% Low-Moderate Risk	Directly Exposed
CVE-2019-16943	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-17267	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10, 2.8.11.5	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-17531	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.3% Low-Moderate Risk	Directly Exposed
CVE-2019-20330	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	8.6% Low-Moderate Risk	Directly Exposed
CVE-2019-14892	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.6.7.3, 2.8.11.5, 2.9.10	5.4% Low-Moderate Risk	Directly Exposed
CVE-2019-14379	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6	8.0% Low-Moderate Risk	Directly Exposed
CVE-2019-16335	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-16942	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.7% Low-Moderate Risk	Directly Exposed
CVE-2019-16943	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-17267	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-17531	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.3% Low-Moderate Risk	Directly Exposed
CVE-2019-20330	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	8.6% Low-Moderate Risk	Directly Exposed
CVE-2020-9546	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-14892	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.3, 2.8.11.5, 2.9.10	5.4% Low-Moderate Risk	Directly Exposed
CVE-2019-14893	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10	4.0% Low-Moderate Risk	Directly Exposed
CVE-2019-14379	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6	8.0% Low-Moderate Risk	Directly Exposed
CVE-2019-16335	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-16942	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.7% Low-Moderate Risk	Directly Exposed
CVE-2019-16943	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-17267	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10, 2.8.11.5	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-17531	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3	5.3% Low-Moderate Risk	Directly Exposed
CVE-2019-20330	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	8.6% Low-Moderate Risk	Directly Exposed
CVE-2020-9546	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	4.6% Low-Moderate Risk	Directly Exposed
CVE-2019-14892	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.6.7.3, 2.8.11.5, 2.9.10	5.4% Low-Moderate Risk	Directly Exposed
CVE-2019-14893	CRITICAL9.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10	4.0% Low-Moderate Risk	Directly Exposed
CVE-2021-37404	CRITICAL9.8	org.apache.hadoop:hadoop-common 2.7.7 fixed in 3.3.2, 3.2.3, 2.10.2	2.9% Low-Moderate Risk	Directly Exposed
CVE-2022-25168	CRITICAL9.8	org.apache.hadoop:hadoop-common 2.7.7 fixed in 2.10.2, 3.2.4, 3.3.3	3.3% Low-Moderate Risk	Directly Exposed
CVE-2022-26612	CRITICAL9.8	org.apache.hadoop:hadoop-common 2.7.7 fixed in 3.2.3, 2.10.2, 3.3.3	4.1% Low-Moderate Risk	Directly Exposed
CVE-2023-34478	CRITICAL9.8	org.apache.shiro:shiro-web 1.10.0 fixed in 1.12.0, 2.0.0-alpha-3	1.5% Low-Moderate Risk	Directly Exposed
CVE-2019-10202	CRITICAL9.8	org.codehaus.jackson:jackson-mapper-asl 1.9.13 No fix yet	5.2% Low-Moderate Risk	Directly Exposed
CVE-2021-4104	CRITICAL9.75	log4j:log4j 1.2.17 No fix yet	81.1% Actively Exploited	Directly Exposed
CVE-2015-2080	CRITICAL9.75	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.9.v20150224	74.9% Actively Exploited	Directly Exposed
CVE-2021-28165	CRITICAL9.75	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.39, 10.0.2, 11.0.2	53.9% Actively Exploited	Directly Exposed
CVE-2025-27363	CRITICAL9.31	libfreetype6 2.10.1-2ubuntu0.3 fixed in 2.10.1-2ubuntu0.4	23.4% High Exploitation Risk	Directly Exposed
CVE-2020-35728	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	12.5% High Exploitation Risk	Directly Exposed
CVE-2020-36179	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	20.9% High Exploitation Risk	Directly Exposed
CVE-2020-36184	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	10.4% High Exploitation Risk	Directly Exposed
CVE-2020-36188	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	10.9% High Exploitation Risk	Directly Exposed
CVE-2020-35728	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	12.5% High Exploitation Risk	Directly Exposed
CVE-2020-36179	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	20.9% High Exploitation Risk	Directly Exposed
CVE-2020-36184	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	10.4% High Exploitation Risk	Directly Exposed
CVE-2020-36188	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	10.9% High Exploitation Risk	Directly Exposed
CVE-2020-35728	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	12.5% High Exploitation Risk	Directly Exposed
CVE-2020-36179	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	20.9% High Exploitation Risk	Directly Exposed
CVE-2020-36184	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	10.4% High Exploitation Risk	Directly Exposed
CVE-2020-36188	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	10.9% High Exploitation Risk	Directly Exposed
CVE-2020-35728	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	12.5% High Exploitation Risk	Directly Exposed
CVE-2020-36179	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	20.9% High Exploitation Risk	Directly Exposed
CVE-2020-36184	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	10.4% High Exploitation Risk	Directly Exposed
CVE-2020-36188	CRITICAL9.31	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	10.9% High Exploitation Risk	Directly Exposed
CVE-2020-7692	CRITICAL9.1	com.google.oauth-client:google-oauth-client 1.23.0 fixed in 1.31.0	1.6% Low-Moderate Risk	Directly Exposed
CVE-2020-7692	CRITICAL9.1	com.google.oauth-client:google-oauth-client 1.30.5 fixed in 1.31.0	1.6% Low-Moderate Risk	Directly Exposed
CVE-2019-20444	CRITICAL9.1	io.netty:netty 3.10.6.Final fixed in 4.0.0	8.7% Low-Moderate Risk	Directly Exposed
CVE-2023-44981	CRITICAL9.1	org.apache.zookeeper:zookeeper 3.5.5 fixed in 3.7.2, 3.8.3, 3.9.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2023-44981	CRITICAL9.1	org.apache.zookeeper:zookeeper 3.5.7 fixed in 3.7.2, 3.8.3, 3.9.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2023-44981	CRITICAL9.1	org.apache.zookeeper:zookeeper 3.6.3 fixed in 3.7.2, 3.8.3, 3.9.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2020-10673	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.4, 2.6.7.4	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10673	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.4, 2.6.7.4	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10672	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10673	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.6.7.4	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10968	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-10969	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.5% Low-Moderate Risk	Directly Exposed
CVE-2020-11111	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.5% Low-Moderate Risk	Directly Exposed
CVE-2020-11112	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-11113	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	6.2% Low-Moderate Risk	Directly Exposed
CVE-2020-10672	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10673	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4, 2.6.7.4	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10968	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-10969	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.5% Low-Moderate Risk	Directly Exposed
CVE-2020-11111	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.5% Low-Moderate Risk	Directly Exposed
CVE-2020-11112	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-11113	HIGH8.8	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	6.2% Low-Moderate Risk	Directly Exposed
CVE-2025-48734	HIGH8.8	commons-beanutils:commons-beanutils 1.9.4 fixed in 1.11.0	1.5% Low-Moderate Risk	Directly Exposed
CVE-2024-47561	HIGH8.8	org.apache.avro:avro 1.11.1 fixed in 1.11.4	3.3% Low-Moderate Risk	Directly Exposed
CVE-2020-9492	HIGH8.8	org.apache.hadoop:hadoop-common 2.7.7 fixed in 3.2.2, 3.1.4, 2.10.1	4.4% Low-Moderate Risk	Directly Exposed
CVE-2021-33036	HIGH8.8	org.apache.hadoop:hadoop-yarn-server-common 2.7.7 fixed in 2.10.2, 3.2.3, 3.3.2	3.2% Low-Moderate Risk	Directly Exposed
CVE-2023-4759	HIGH8.8	org.eclipse.jgit:org.eclipse.jgit 4.5.4.201711221230-r fixed in 6.6.1.202309021850-r, 5.13.3.202401111512-r	1.9% Low-Moderate Risk	Directly Exposed
CVE-2019-12086	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3	21.9% High Exploitation Risk	Directly Exposed
CVE-2019-14439	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	10.8% High Exploitation Risk	Directly Exposed
CVE-2019-12086	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3	21.9% High Exploitation Risk	Directly Exposed
CVE-2019-14439	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	10.8% High Exploitation Risk	Directly Exposed
CVE-2020-25649	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.6.7.4, 2.9.10.7, 2.10.5.1	17.6% High Exploitation Risk	Directly Exposed
CVE-2019-12086	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3	21.9% High Exploitation Risk	Directly Exposed
CVE-2019-14439	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	10.8% High Exploitation Risk	Directly Exposed
CVE-2020-25649	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.9.10.7, 2.10.5.1	17.6% High Exploitation Risk	Directly Exposed
CVE-2019-14439	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	10.8% High Exploitation Risk	Directly Exposed
CVE-2020-25649	HIGH8.62	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.6.7.4, 2.9.10.7, 2.10.5.1	17.6% High Exploitation Risk	Directly Exposed
CVE-2022-40152	HIGH8.62	com.fasterxml.woodstox:woodstox-core 5.3.0 fixed in 6.4.0, 5.4.0	19.5% High Exploitation Risk	Directly Exposed
CVE-2022-25647	HIGH8.62	com.google.code.gson:gson 2.8.5 fixed in 2.8.9	12.0% High Exploitation Risk	Directly Exposed
CVE-2019-12402	HIGH8.62	org.apache.commons:commons-compress 1.18 fixed in 1.19	16.2% High Exploitation Risk	Directly Exposed
CVE-2021-35515	HIGH8.62	org.apache.commons:commons-compress 1.18 fixed in 1.21	11.9% High Exploitation Risk	Directly Exposed
CVE-2021-35516	HIGH8.62	org.apache.commons:commons-compress 1.18 fixed in 1.21	12.7% High Exploitation Risk	Directly Exposed
CVE-2021-35517	HIGH8.62	org.apache.commons:commons-compress 1.18 fixed in 1.21	10.9% High Exploitation Risk	Directly Exposed
CVE-2021-36090	HIGH8.62	org.apache.commons:commons-compress 1.18 fixed in 1.21	13.3% High Exploitation Risk	Directly Exposed
CVE-2019-10172	HIGH8.62	org.codehaus.jackson:jackson-mapper-asl 1.9.13 No fix yet	17.0% High Exploitation Risk	Directly Exposed
CVE-2021-33813	HIGH8.62	org.jdom:jdom 1.1 No fix yet	19.4% High Exploitation Risk	Directly Exposed
CVE-2017-18640	HIGH8.62	org.yaml:snakeyaml 1.15 fixed in 1.26	26.7% High Exploitation Risk	Directly Exposed
CVE-2017-18640	HIGH8.62	org.yaml:snakeyaml 1.9 fixed in 1.26	26.7% High Exploitation Risk	Directly Exposed
CVE-2026-27727	HIGH8.33	com.mchange:mchange-commons-java 0.2.15 fixed in 0.4.0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42581	HIGH8.33	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-41409	HIGH8.33	org.apache.mina:mina-core 2.0.7 fixed in 2.0.28, 2.1.11, 2.2.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-41635	HIGH8.33	org.apache.mina:mina-core 2.0.7 fixed in 2.0.28, 2.1.11, 2.2.6	0.6% Theoretical Threat	Directly Exposed
CVE-2025-66034	HIGH8.33	fonttools 4.53.1 fixed in 4.60.2	0.5% Theoretical Threat	Directly Exposed
CVE-2018-5968	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.8.11.1, 2.9.4, 2.7.9.5	7.0% Low-Moderate Risk	Directly Exposed
CVE-2020-10650	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.4	3.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24616	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.6	9.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24750	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.6.7.5, 2.9.10.6	7.3% Low-Moderate Risk	Directly Exposed
CVE-2020-35490	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	7.7% Low-Moderate Risk	Directly Exposed
CVE-2020-35491	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	9.5% Low-Moderate Risk	Directly Exposed
CVE-2020-36180	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36181	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36182	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36183	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2020-36185	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36186	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36187	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36189	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2021-20190	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.10.7, 2.6.7.5	7.5% Low-Moderate Risk	Directly Exposed
CVE-2020-10650	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.4	3.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24616	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.6	9.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24750	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.6.7.5, 2.9.10.6	7.3% Low-Moderate Risk	Directly Exposed
CVE-2020-35490	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	7.7% Low-Moderate Risk	Directly Exposed
CVE-2020-35491	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	9.5% Low-Moderate Risk	Directly Exposed
CVE-2020-36180	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36181	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36182	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36183	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2020-36185	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36186	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36187	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36189	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2021-20190	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.10.7, 2.6.7.5	7.5% Low-Moderate Risk	Directly Exposed
CVE-2020-10650	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.3% Low-Moderate Risk	Directly Exposed
CVE-2020-11619	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-11620	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4	5.6% Low-Moderate Risk	Directly Exposed
CVE-2020-14060	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5	8.5% Low-Moderate Risk	Directly Exposed
CVE-2020-14061	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5	4.4% Low-Moderate Risk	Directly Exposed
CVE-2020-14062	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-14195	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5	4.5% Low-Moderate Risk	Directly Exposed
CVE-2020-24616	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.6	9.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24750	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.5, 2.9.10.6	7.3% Low-Moderate Risk	Directly Exposed
CVE-2020-35490	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	7.7% Low-Moderate Risk	Directly Exposed
CVE-2020-35491	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	9.5% Low-Moderate Risk	Directly Exposed
CVE-2020-36180	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36181	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36182	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36183	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2020-36185	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36186	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36187	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36189	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2021-20190	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.7, 2.6.7.5	7.5% Low-Moderate Risk	Directly Exposed
CVE-2020-10650	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.3% Low-Moderate Risk	Directly Exposed
CVE-2020-11619	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	3.6% Low-Moderate Risk	Directly Exposed
CVE-2020-11620	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.4	5.6% Low-Moderate Risk	Directly Exposed
CVE-2020-14060	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.5	8.5% Low-Moderate Risk	Directly Exposed
CVE-2020-14061	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.5	4.4% Low-Moderate Risk	Directly Exposed
CVE-2020-14062	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.5	8.0% Low-Moderate Risk	Directly Exposed
CVE-2020-14195	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.5	4.5% Low-Moderate Risk	Directly Exposed
CVE-2020-24616	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.6	9.3% Low-Moderate Risk	Directly Exposed
CVE-2020-24750	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.6.7.5, 2.9.10.6	7.3% Low-Moderate Risk	Directly Exposed
CVE-2020-35490	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	7.7% Low-Moderate Risk	Directly Exposed
CVE-2020-35491	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	9.5% Low-Moderate Risk	Directly Exposed
CVE-2020-36180	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36181	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36182	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	5.0% Low-Moderate Risk	Directly Exposed
CVE-2020-36183	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2020-36185	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36186	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36187	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8	5.2% Low-Moderate Risk	Directly Exposed
CVE-2020-36189	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.8, 2.6.7.5	4.9% Low-Moderate Risk	Directly Exposed
CVE-2021-20190	HIGH8.1	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.10.7, 2.6.7.5	7.5% Low-Moderate Risk	Directly Exposed
CVE-2020-35213	HIGH8.1	io.atomix:atomix 3.0.0-rc5 No fix yet	1.2% Low-Moderate Risk	Directly Exposed
CVE-2019-7611	HIGH8.1	org.elasticsearch:elasticsearch 2.4.3 fixed in 5.6.15, 6.6.1	2.1% Low-Moderate Risk	Directly Exposed
CVE-2023-50447	HIGH8.1	Pillow 9.2.0 fixed in 10.2.0	1.7% Low-Moderate Risk	Directly Exposed
CVE-2019-17195	HIGH8	com.nimbusds:nimbus-jose-jwt 4.41.1 fixed in 7.9	11.0% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2019-20445	HIGH8	io.netty:netty 3.10.6.Final fixed in 4.0.0	13.5% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2019-20445	HIGH8	io.netty:netty-handler 4.1.27.Final fixed in 4.1.45	13.5% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-42584	HIGH7.73	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-2332	HIGH7.73	org.eclipse.jetty:jetty-http 9.4.50.v20221201 fixed in 12.1.7, 12.0.33	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2332	HIGH7.73	org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.1.7, 12.0.33	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58782	HIGH7.7	org.apache.jackrabbit:jackrabbit-jcr-commons 1.6.5 fixed in 2.22.2	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-25638	HIGH7.57	dnsjava:dnsjava 2.1.7 fixed in 3.6.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45490	HIGH7.5	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.7% Low-Moderate Risk	Directly Exposed
CVE-2023-25193	HIGH7.5	libharfbuzz0b 2.6.4-1ubuntu4.2 fixed in 2.6.4-1ubuntu4.3	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-27113	HIGH7.5	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9	1.0% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.12.6.1 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.12.6.1 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.12.7 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.12.7 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2020-36518	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.1 fixed in 2.13.2.1, 2.12.6.1	4.9% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.1 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.1 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.2.2 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.2.2 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.3 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.13.3 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2018-12022	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.7.9.4, 2.8.11.2, 2.9.6	7.3% Low-Moderate Risk	Directly Exposed
CVE-2020-36518	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.13.2.1, 2.12.6.1	4.9% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2020-36518	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.13.2.1, 2.12.6.1	4.9% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2020-36518	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.13.2.1, 2.12.6.1	4.9% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2020-36518	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.13.2.1, 2.12.6.1	4.9% Low-Moderate Risk	Directly Exposed
CVE-2022-42003	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.12.7.1, 2.13.4.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-42004	HIGH7.5	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.12.7.1, 2.13.4	2.7% Low-Moderate Risk	Directly Exposed
CVE-2020-28491	HIGH7.5	com.fasterxml.jackson.dataformat:jackson-dataformat-cbor 2.8.1 fixed in 2.11.4, 2.12.1	3.1% Low-Moderate Risk	Directly Exposed
CVE-2024-7254	HIGH7.5	com.google.protobuf:protobuf-java 3.17.1 fixed in 3.25.5, 4.27.5, 4.28.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-3171	HIGH7.5	com.google.protobuf:protobuf-java 3.17.1 fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-7254	HIGH7.5	com.google.protobuf:protobuf-java 3.21.7 fixed in 3.25.5, 4.27.5, 4.28.2	2.8% Low-Moderate Risk	Directly Exposed
CVE-2023-46120	HIGH7.5	com.rabbitmq:amqp-client 5.5.3 fixed in 5.18.0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-3635	HIGH7.5	com.squareup.okio:okio 1.15.0 fixed in 3.4.0, 1.17.6	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-3635	HIGH7.5	com.squareup.okio:okio 1.17.3 fixed in 3.4.0, 1.17.6	1.1% Low-Moderate Risk	Directly Exposed
CVE-2020-35211	HIGH7.5	io.atomix:atomix 3.0.0-rc5 No fix yet	1.0% Low-Moderate Risk	Directly Exposed
CVE-2021-37136	HIGH7.5	io.netty:netty 3.10.6.Final fixed in 4.0.0	5.7% Low-Moderate Risk	Directly Exposed
CVE-2021-37137	HIGH7.5	io.netty:netty 3.10.6.Final fixed in 4.0.0	6.3% Low-Moderate Risk	Directly Exposed
CVE-2021-37136	HIGH7.5	io.netty:netty-codec 4.1.27.Final fixed in 4.1.68.Final	5.7% Low-Moderate Risk	Directly Exposed
CVE-2021-37137	HIGH7.5	io.netty:netty-codec 4.1.27.Final fixed in 4.1.68.Final	6.3% Low-Moderate Risk	Directly Exposed
CVE-2021-37136	HIGH7.5	io.netty:netty-codec 4.1.45.Final fixed in 4.1.68.Final	5.7% Low-Moderate Risk	Directly Exposed
CVE-2021-37137	HIGH7.5	io.netty:netty-codec 4.1.45.Final fixed in 4.1.68.Final	6.3% Low-Moderate Risk	Directly Exposed
CVE-2021-37136	HIGH7.5	io.netty:netty-codec 4.1.51.Final fixed in 4.1.68.Final	5.7% Low-Moderate Risk	Directly Exposed
CVE-2021-37137	HIGH7.5	io.netty:netty-codec 4.1.51.Final fixed in 4.1.68.Final	6.3% Low-Moderate Risk	Directly Exposed
CVE-2020-11612	HIGH7.5	io.netty:netty-handler 4.1.27.Final fixed in 4.1.46	9.4% Low-Moderate Risk	Directly Exposed
CVE-2020-11612	HIGH7.5	io.netty:netty-handler 4.1.45.Final fixed in 4.1.46	9.4% Low-Moderate Risk	Directly Exposed
CVE-2023-26464	HIGH7.5	log4j:log4j 1.2.17 fixed in 2.0	1.9% Low-Moderate Risk	Directly Exposed
CVE-2021-31684	HIGH7.5	net.minidev:json-smart 1.3.2 fixed in 1.3.3, 2.4.4	2.3% Low-Moderate Risk	Directly Exposed
CVE-2023-1370	HIGH7.5	net.minidev:json-smart 1.3.2 fixed in 2.4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-1370	HIGH7.5	net.minidev:json-smart 2.4.7 fixed in 2.4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-39410	HIGH7.5	org.apache.avro:avro 1.11.1 fixed in 1.11.3	1.8% Low-Moderate Risk	Directly Exposed
CVE-2015-3250	HIGH7.5	org.apache.directory.api:api-ldap-model 1.0.0-M20 fixed in 1.0.0-M31	5.1% Low-Moderate Risk	Directly Exposed
CVE-2017-7669	HIGH7.5	org.apache.hadoop:hadoop-common 2.7.7 fixed in 2.8.1, 3.0.0-alpha3	1.8% Low-Moderate Risk	Directly Exposed
CVE-2021-39239	HIGH7.5	org.apache.jena:jena-core 3.12.0 fixed in 4.2.0	4.0% Low-Moderate Risk	Directly Exposed
CVE-2019-0231	HIGH7.5	org.apache.mina:mina-core 2.0.7 fixed in 2.0.21, 2.1.1	2.2% Low-Moderate Risk	Directly Exposed
CVE-2020-13949	HIGH7.5	org.apache.thrift:libthrift 0.13.0 fixed in 0.14.0	6.8% Low-Moderate Risk	Directly Exposed
CVE-2017-7656	HIGH7.5	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.3.24.v20180605, 9.4.11.v20180605	6.4% Low-Moderate Risk	Directly Exposed
CVE-2017-9735	HIGH7.5	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.6.v20170531, 9.3.20.v20170531, 9.2.22.v20170606	5.8% Low-Moderate Risk	Directly Exposed
CVE-2023-31418	HIGH7.5	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.13, 8.9.0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2021-37714	HIGH7.5	org.jsoup:jsoup 1.10.3 fixed in 1.14.2	6.9% Low-Moderate Risk	Directly Exposed
CVE-2021-37714	HIGH7.5	org.jsoup:jsoup 1.11.3 fixed in 1.14.2	6.9% Low-Moderate Risk	Directly Exposed
CVE-2021-37714	HIGH7.5	org.jsoup:jsoup 1.8.1 fixed in 1.14.2	6.9% Low-Moderate Risk	Directly Exposed
CVE-2022-25857	HIGH7.5	org.yaml:snakeyaml 1.15 fixed in 1.31	2.1% Low-Moderate Risk	Directly Exposed
CVE-2022-25857	HIGH7.5	org.yaml:snakeyaml 1.28 fixed in 1.31	2.1% Low-Moderate Risk	Directly Exposed
CVE-2022-25857	HIGH7.5	org.yaml:snakeyaml 1.9 fixed in 1.31	2.1% Low-Moderate Risk	Directly Exposed
CVE-2022-45199	HIGH7.5	Pillow 9.2.0 fixed in 9.3.0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-44271	HIGH7.5	Pillow 9.2.0 fixed in 10.0.0	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-3651	HIGH7.5	idna 3.4 fixed in 3.7	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-52804	HIGH7.5	tornado 6.4.1 fixed in 6.4.2	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-67030	HIGH7.48	org.codehaus.plexus:plexus-utils 3.2.1 fixed in 4.0.3, 3.6.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-56201	HIGH7.48	Jinja2 3.1.4 fixed in 3.1.5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-27516	HIGH7.48	Jinja2 3.1.4 fixed in 3.1.6	0.5% Theoretical Threat	Directly Exposed
CVE-2024-12797	HIGH7.4	cryptography 42.0.2 fixed in 44.0.1	2.4% Low-Moderate Risk	Directly Exposed
CVE-2026-23949	HIGH7.31	jaraco.context 5.3.0 fixed in 6.1.0	0.5% Theoretical Threat	Directly Exposed
CVE-2024-52533	HIGH7	libglib2.0-0 2.64.6-1~ubuntu20.04.7 fixed in 2.64.6-1~ubuntu20.04.8	1.3% Low-Moderate Risk	Directly Exposed
CVE-2020-35214	MEDIUM6.88	io.atomix:atomix 3.0.0-rc5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.1.27.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.1.45.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27830	MEDIUM6.8	com.mchange:c3p0 0.9.5.4 fixed in 0.12.0	0.3% Theoretical Threat	Directly Exposed
CVE-2019-12384	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	45.2% High Exploitation Risk	Directly Exposed
CVE-2019-12814	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.4.0 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	11.0% High Exploitation Risk	Directly Exposed
CVE-2019-12384	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	45.2% High Exploitation Risk	Directly Exposed
CVE-2019-12814	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.7.9.5 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	11.0% High Exploitation Risk	Directly Exposed
CVE-2019-12384	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	45.2% High Exploitation Risk	Directly Exposed
CVE-2019-12814	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	11.0% High Exploitation Risk	Directly Exposed
CVE-2019-12384	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	45.2% High Exploitation Risk	Directly Exposed
CVE-2019-12814	MEDIUM6.79	com.fasterxml.jackson.core:jackson-databind 2.9.9 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	11.0% High Exploitation Risk	Directly Exposed
CVE-2016-5725	MEDIUM6.79	com.jcraft:jsch 0.1.53 fixed in 0.1.54	24.1% High Exploitation Risk	Directly Exposed
CVE-2021-21295	MEDIUM6.79	io.netty:netty 3.10.6.Final fixed in 4.0.0	18.9% High Exploitation Risk	Directly Exposed
CVE-2025-54920	MEDIUM6.7	org.apache.spark:spark-core_2.12 3.4.1 fixed in 3.5.7	5.3% Low-Moderate Risk	Directly Exposed
CVE-2022-49043	MEDIUM6.63	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-24928	MEDIUM6.54	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9	0.4% Theoretical Threat	Directly Exposed
CVE-2020-12668	MEDIUM6.5	com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.5.4	1.8% Low-Moderate Risk	Directly Exposed
CVE-2021-37533	MEDIUM6.5	commons-net:commons-net 3.1 fixed in 3.9.0	1.9% Low-Moderate Risk	Directly Exposed
CVE-2021-37533	MEDIUM6.5	commons-net:commons-net 3.3 fixed in 3.9.0	1.9% Low-Moderate Risk	Directly Exposed
CVE-2021-37533	MEDIUM6.5	commons-net:commons-net 3.6 fixed in 3.9.0	1.9% Low-Moderate Risk	Directly Exposed
CVE-2021-43797	MEDIUM6.5	io.netty:netty 3.10.6.Final fixed in 4.0.0	2.7% Low-Moderate Risk	Directly Exposed
CVE-2023-34462	MEDIUM6.5	io.netty:netty-handler 4.1.27.Final fixed in 4.1.94.Final	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-34462	MEDIUM6.5	io.netty:netty-handler 4.1.45.Final fixed in 4.1.94.Final	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-34462	MEDIUM6.5	io.netty:netty-handler 4.1.51.Final fixed in 4.1.94.Final	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-34462	MEDIUM6.5	io.netty:netty-handler 4.1.75.Final fixed in 4.1.94.Final	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-34462	MEDIUM6.5	io.netty:netty-handler 4.1.79.Final fixed in 4.1.94.Final	2.5% Low-Moderate Risk	Directly Exposed
CVE-2021-41973	MEDIUM6.5	org.apache.mina:mina-core 2.0.7 fixed in 2.1.5, 2.0.22	4.3% Low-Moderate Risk	Directly Exposed
CVE-2023-46749	MEDIUM6.5	org.apache.shiro:shiro-core 1.10.0 fixed in 1.13.0, 2.0.0-alpha4	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-29857	MEDIUM6.5	org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-8184	MEDIUM6.5	org.eclipse.jetty:jetty-server 9.4.50.v20221201 fixed in 12.0.9, 10.0.24, 11.0.24, 9.4.56	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-8184	MEDIUM6.5	org.eclipse.jetty:jetty-server 9.4.52.v20230823 fixed in 12.0.9, 10.0.24, 11.0.24, 9.4.56	1.0% Low-Moderate Risk	Directly Exposed
CVE-2020-7019	MEDIUM6.5	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.9.0, 6.8.12	1.2% Low-Moderate Risk	Directly Exposed
CVE-2021-22144	MEDIUM6.5	org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.17, 7.13.3	1.7% Low-Moderate Risk	Directly Exposed
CVE-2022-38749	MEDIUM6.5	org.yaml:snakeyaml 1.15 fixed in 1.31	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-38751	MEDIUM6.5	org.yaml:snakeyaml 1.15 fixed in 1.31	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-38752	MEDIUM6.5	org.yaml:snakeyaml 1.15 fixed in 1.32	2.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41854	MEDIUM6.5	org.yaml:snakeyaml 1.15 fixed in 1.32	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-38749	MEDIUM6.5	org.yaml:snakeyaml 1.28 fixed in 1.31	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-38751	MEDIUM6.5	org.yaml:snakeyaml 1.28 fixed in 1.31	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-38752	MEDIUM6.5	org.yaml:snakeyaml 1.28 fixed in 1.32	2.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41854	MEDIUM6.5	org.yaml:snakeyaml 1.28 fixed in 1.32	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-38749	MEDIUM6.5	org.yaml:snakeyaml 1.9 fixed in 1.31	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-38751	MEDIUM6.5	org.yaml:snakeyaml 1.9 fixed in 1.31	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-38752	MEDIUM6.5	org.yaml:snakeyaml 1.9 fixed in 1.32	2.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41854	MEDIUM6.5	org.yaml:snakeyaml 1.9 fixed in 1.32	1.5% Low-Moderate Risk	Directly Exposed
CVE-2025-32414	MEDIUM6.38	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.10	0.3% Theoretical Threat	Directly Exposed
CVE-2025-32415	MEDIUM6.38	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.10	0.5% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.1.3 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.10.1 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.12.6 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.13.1 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.13.3 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.4.0 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.7.4 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.7.9 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.8.1 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-52999	MEDIUM6.38	com.fasterxml.jackson.core:jackson-core 2.9.9 fixed in 2.15.0	0.6% Theoretical Threat	Directly Exposed
CVE-2022-3509	MEDIUM6.38	com.google.protobuf:protobuf-java 3.17.1 fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7	0.6% Theoretical Threat	Directly Exposed
CVE-2022-3510	MEDIUM6.38	com.google.protobuf:protobuf-java 3.17.1 fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7	0.5% Theoretical Threat	Directly Exposed
CVE-2023-52428	MEDIUM6.38	com.nimbusds:nimbus-jose-jwt 4.41.1 fixed in 9.37.2	0.8% Theoretical Threat	Directly Exposed
CVE-2023-52428	MEDIUM6.38	com.nimbusds:nimbus-jose-jwt 9.13 fixed in 9.37.2	0.8% Theoretical Threat	Directly Exposed
CVE-2023-52428	MEDIUM6.38	com.nimbusds:nimbus-jose-jwt 9.8.1 fixed in 9.37.2	0.8% Theoretical Threat	Directly Exposed
CVE-2021-0341	MEDIUM6.38	com.squareup.okhttp3:okhttp 3.12.12 fixed in 4.9.2	0.9% Theoretical Threat	Directly Exposed
CVE-2021-0341	MEDIUM6.38	com.squareup.okhttp3:okhttp 3.13.1 fixed in 4.9.2	0.9% Theoretical Threat	Directly Exposed
CVE-2020-35209	MEDIUM6.38	io.atomix:atomix 3.0.0-rc5 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec 4.1.27.Final fixed in 4.1.125.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec 4.1.45.Final fixed in 4.1.125.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec 4.1.51.Final fixed in 4.1.125.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec 4.1.75.Final fixed in 4.1.125.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec 4.1.79.Final fixed in 4.1.125.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33870	MEDIUM6.38	io.netty:netty-codec-http 4.1.79.Final fixed in 4.1.132.Final, 4.2.10.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42585	MEDIUM6.38	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2025-58056	MEDIUM6.38	io.netty:netty-codec-http 4.1.79.Final fixed in 4.1.125.Final, 4.2.5.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-55163	MEDIUM6.38	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.2.4.Final, 4.1.124.Final	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33871	MEDIUM6.38	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.1.132.Final, 4.2.11.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-48043	MEDIUM6.38	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.1.135.Final, 4.2.15.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.27.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.27.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.45.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.45.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42578	MEDIUM6.38	io.netty:netty-handler-proxy 4.1.79.Final fixed in 4.1.133.Final, 4.2.13.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34479	MEDIUM6.38	org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34480	MEDIUM6.38	org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.4	0.9% Theoretical Threat	Directly Exposed
CVE-2026-34480	MEDIUM6.38	org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4	0.9% Theoretical Threat	Directly Exposed
CVE-2026-5588	MEDIUM6.38	org.bouncycastle:bcpkix-jdk15on 1.70 fixed in 1.84	0.3% Theoretical Threat	Directly Exposed
CVE-2024-9823	MEDIUM6.38	org.eclipse.jetty:jetty-servlets 9.4.50.v20221201 fixed in 9.4.54, 10.0.18, 11.0.18	0.9% Theoretical Threat	Directly Exposed
CVE-2024-23444	MEDIUM6.38	org.elasticsearch:elasticsearch 2.4.3 fixed in 8.13.0, 7.17.23	0.2% Theoretical Threat	Directly Exposed
CVE-2024-43709	MEDIUM6.38	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.21, 8.13.3	0.6% Theoretical Threat	Directly Exposed
CVE-2024-52979	MEDIUM6.38	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.25, 8.16.0	0.5% Theoretical Threat	Directly Exposed
CVE-2024-21634	MEDIUM6.38	software.amazon.ion:ion-java 1.0.2 fixed in 1.10.5	0.8% Theoretical Threat	Directly Exposed
CVE-2025-6176	MEDIUM6.38	Brotli 1.0.9 fixed in 1.2.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69534	MEDIUM6.38	Markdown 3.6 fixed in 3.8.1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-26130	MEDIUM6.38	cryptography 42.0.2 fixed in 42.0.4	0.8% Theoretical Threat	Directly Exposed
CVE-2023-1428	MEDIUM6.38	grpcio 1.51.1 fixed in 1.53.0	0.4% Theoretical Threat	Directly Exposed
CVE-2023-33953	MEDIUM6.38	grpcio 1.51.1 fixed in 1.53.2, 1.54.3, 1.55.2, 1.56.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0994	MEDIUM6.38	protobuf 4.21.12 fixed in 6.33.5, 5.29.6	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47287	MEDIUM6.38	tornado 6.4.1 fixed in 6.5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-31958	MEDIUM6.38	tornado 6.4.1 fixed in 6.5.5	0.4% Theoretical Threat	Directly Exposed
CVE-2025-66418	MEDIUM6.38	urllib3 2.1.0 fixed in 2.6.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-66471	MEDIUM6.38	urllib3 2.1.0 fixed in 2.6.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-21441	MEDIUM6.38	urllib3 2.1.0 fixed in 2.6.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-66418	MEDIUM6.38	urllib3 2.2.2 fixed in 2.6.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-66471	MEDIUM6.38	urllib3 2.2.2 fixed in 2.6.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-21441	MEDIUM6.38	urllib3 2.2.2 fixed in 2.6.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-21587	MEDIUM6.29	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.7% Theoretical Threat	Directly Exposed
CVE-2025-21587	MEDIUM6.29	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.7% Theoretical Threat	Directly Exposed
CVE-2021-22573	MEDIUM6.21	com.google.oauth-client:google-oauth-client 1.23.0 fixed in 1.33.3	0.3% Theoretical Threat	Directly Exposed
CVE-2021-22573	MEDIUM6.21	com.google.oauth-client:google-oauth-client 1.30.5 fixed in 1.33.3	0.3% Theoretical Threat	Directly Exposed
CVE-2026-43869	MEDIUM6.21	org.apache.thrift:libthrift 0.13.0 fixed in 0.23.0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-34062	MEDIUM6.21	tqdm 4.65.0 fixed in 4.66.3	0.4% Theoretical Threat	Directly Exposed
CVE-2024-13009	MEDIUM6.12	org.eclipse.jetty:jetty-server 9.4.50.v20221201 fixed in 9.4.57.v20241219	0.4% Theoretical Threat	Directly Exposed
CVE-2024-13009	MEDIUM6.12	org.eclipse.jetty:jetty-server 9.4.52.v20230823 fixed in 9.4.57.v20241219	0.4% Theoretical Threat	Directly Exposed
CVE-2023-46750	MEDIUM6.1	org.apache.shiro:shiro-web 1.10.0 fixed in 1.13.0, 2.0.0-alpha-4	1.5% Low-Moderate Risk	Directly Exposed
CVE-2019-10241	MEDIUM6.1	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411	9.6% Low-Moderate Risk	Directly Exposed
CVE-2022-36033	MEDIUM6.1	org.jsoup:jsoup 1.10.3 fixed in 1.15.3	1.2% Low-Moderate Risk	Directly Exposed
CVE-2022-36033	MEDIUM6.1	org.jsoup:jsoup 1.11.3 fixed in 1.15.3	1.2% Low-Moderate Risk	Directly Exposed
CVE-2015-6748	MEDIUM6.1	org.jsoup:jsoup 1.8.1 fixed in 1.8.3	2.2% Low-Moderate Risk	Directly Exposed
CVE-2022-36033	MEDIUM6.1	org.jsoup:jsoup 1.8.1 fixed in 1.15.3	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 18.0 fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 19.0 fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 20.0 fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 22.0 fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 24.1.1-jre fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 25.0-jre fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 30.1.1-jre fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 31.1-android fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	libc-bin 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.18	0.4% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	libc6 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.18	0.4% Theoretical Threat	Directly Exposed
CVE-2024-50602	MEDIUM5.9	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.8	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libgssapi-krb5-2 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libk5crypto3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libkrb5-3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libkrb5support0 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2018-10237	MEDIUM5.9	com.google.guava:guava 18.0 fixed in 24.1.1-android	5.1% Low-Moderate Risk	Directly Exposed
CVE-2018-10237	MEDIUM5.9	com.google.guava:guava 19.0 fixed in 24.1.1-android	5.1% Low-Moderate Risk	Directly Exposed
CVE-2018-10237	MEDIUM5.9	com.google.guava:guava 20.0 fixed in 24.1.1-android	5.1% Low-Moderate Risk	Directly Exposed
CVE-2018-10237	MEDIUM5.9	com.google.guava:guava 22.0 fixed in 24.1.1-android	5.1% Low-Moderate Risk	Directly Exposed
CVE-2021-21409	MEDIUM5.9	io.netty:netty 3.10.6.Final fixed in 4.0.0	4.9% Low-Moderate Risk	Directly Exposed
CVE-2019-7614	MEDIUM5.9	org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.2, 7.2.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-23944	MEDIUM5.61	org.apache.zookeeper:zookeeper 3.6.3 fixed in 3.8.4, 3.9.2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libgssapi-krb5-2 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libk5crypto3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libkrb5-3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libkrb5support0 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2020-35210	MEDIUM5.52	io.atomix:atomix 3.0.0-rc5 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2020-35215	MEDIUM5.52	io.atomix:atomix 3.0.0-rc5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2025-67735	MEDIUM5.52	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.8.Final, 4.1.129.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41417	MEDIUM5.52	io.netty:netty-codec-http 4.1.79.Final fixed in 4.1.133.Final, 4.2.13.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42580	MEDIUM5.52	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11143	MEDIUM5.52	org.eclipse.jetty:jetty-http 9.4.50.v20221201 fixed in 12.0.31, 12.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-11143	MEDIUM5.52	org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.0.31, 12.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2023-49921	MEDIUM5.52	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.16, 8.11.2	0.5% Theoretical Threat	Directly Exposed
CVE-2026-26007	MEDIUM5.52	cryptography 42.0.2 fixed in 46.0.5	0.2% Theoretical Threat	Directly Exposed
CVE-2024-37891	MEDIUM5.52	urllib3 2.1.0 fixed in 1.26.19, 2.2.2	1.0% Theoretical Threat	Directly Exposed
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.10+dfsg-5ubuntu0.20.04.7 fixed in 2.9.10+dfsg-5ubuntu0.20.04.8	2.3% Low-Moderate Risk	Directly Exposed
CVE-2021-21290	MEDIUM5.5	io.netty:netty 3.10.6.Final fixed in 4.0.0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2021-27807	MEDIUM5.5	org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.23	3.0% Low-Moderate Risk	Directly Exposed
CVE-2021-27906	MEDIUM5.5	org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.23	3.3% Low-Moderate Risk	Directly Exposed
CVE-2021-31811	MEDIUM5.5	org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.24	3.4% Low-Moderate Risk	Directly Exposed
CVE-2021-31812	MEDIUM5.5	org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.24	3.1% Low-Moderate Risk	Directly Exposed
CVE-2024-56326	MEDIUM5.35	Jinja2 3.1.4 fixed in 3.1.5	0.5% Theoretical Threat	Directly Exposed
CVE-2024-12243	MEDIUM5.3	libgnutls30 3.6.13-2ubuntu1.11 fixed in 3.6.13-2ubuntu1.12	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-12133	MEDIUM5.3	libtasn1-6 4.16.0-2 fixed in 4.16.0-2ubuntu0.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2018-18893	MEDIUM5.3	com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.4.6	1.8% Low-Moderate Risk	Directly Exposed
CVE-2024-29025	MEDIUM5.3	io.netty:netty-codec-http 4.1.79.Final fixed in 4.1.108.Final	1.4% Low-Moderate Risk	Directly Exposed
CVE-2025-27553	MEDIUM5.3	org.apache.commons:commons-vfs2 2.6.0 fixed in 2.10.0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2020-13956	MEDIUM5.3	org.apache.httpcomponents:httpclient 4.5 fixed in 4.5.13, 5.0.3	8.7% Low-Moderate Risk	Directly Exposed
CVE-2023-40167	MEDIUM5.3	org.eclipse.jetty:jetty-http 9.4.50.v20221201 fixed in 9.4.52, 10.0.16, 11.0.16, 12.0.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2019-10247	MEDIUM5.3	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418	5.8% Low-Moderate Risk	Directly Exposed
CVE-2023-26048	MEDIUM5.3	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14	3.3% Low-Moderate Risk	Directly Exposed
CVE-2023-26049	MEDIUM5.3	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-26048	MEDIUM5.3	org.eclipse.jetty:jetty-server 9.4.50.v20221201 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14	3.3% Low-Moderate Risk	Directly Exposed
CVE-2023-26049	MEDIUM5.3	org.eclipse.jetty:jetty-server 9.4.50.v20221201 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2025-4949	MEDIUM5.3	org.eclipse.jgit:org.eclipse.jgit 4.5.4.201711221230-r fixed in 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r	1.1% Low-Moderate Risk	Directly Exposed
CVE-2021-22135	MEDIUM5.3	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.11.2, 6.8.15	1.2% Low-Moderate Risk	Directly Exposed
CVE-2021-22137	MEDIUM5.3	org.elasticsearch:elasticsearch 2.4.3 fixed in 7.11.2, 6.8.15	1.1% Low-Moderate Risk	Directly Exposed
CVE-2025-57804	MEDIUM5.3	h2 4.1.0 fixed in 4.3.0	1.6% Low-Moderate Risk	Directly Exposed
CVE-2021-33430	MEDIUM5.3	numpy 1.19.5 fixed in 1.21	1.1% Low-Moderate Risk	Directly Exposed
CVE-2021-34141	MEDIUM5.3	numpy 1.19.5 fixed in 1.22	1.6% Low-Moderate Risk	Directly Exposed
CVE-2018-3824	MEDIUM5.18	org.elasticsearch:elasticsearch 2.4.3 fixed in 5.6.9, 6.2.4	0.9% Theoretical Threat	Directly Exposed
CVE-2026-23528	MEDIUM5.18	distributed 2023.2.0 fixed in 2026.1.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-50181	MEDIUM5.18	urllib3 2.1.0 fixed in 2.5.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-50181	MEDIUM5.18	urllib3 2.2.2 fixed in 2.5.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-50182	MEDIUM5.18	urllib3 2.2.2 fixed in 2.5.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libgssapi-krb5-2 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libk5crypto3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libkrb5-3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libkrb5support0 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2020-35216	MEDIUM5.02	io.atomix:atomix 3.0.0-rc5 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-34477	MEDIUM5.02	org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34477	MEDIUM5.02	org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4	0.4% Theoretical Threat	Directly Exposed
CVE-2024-30171	MEDIUM5.02	org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78	0.9% Theoretical Threat	Directly Exposed
CVE-2024-28219	MEDIUM5.02	Pillow 9.2.0 fixed in 10.3.0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-53864	MEDIUM4.93	com.nimbusds:nimbus-jose-jwt 4.41.1 fixed in 10.0.2, 9.37.4	0.8% Theoretical Threat	Directly Exposed
CVE-2025-53864	MEDIUM4.93	com.nimbusds:nimbus-jose-jwt 9.13 fixed in 10.0.2, 9.37.4	0.8% Theoretical Threat	Directly Exposed
CVE-2025-53864	MEDIUM4.93	com.nimbusds:nimbus-jose-jwt 9.8.1 fixed in 10.0.2, 9.37.4	0.8% Theoretical Threat	Directly Exposed
CVE-2020-7021	MEDIUM4.9	org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.14, 7.10.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2025-30698	MEDIUM4.76	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.5% Theoretical Threat	Directly Exposed
CVE-2025-30698	MEDIUM4.76	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.5% Theoretical Threat	Directly Exposed
CVE-2024-35195	MEDIUM4.76	requests 2.31.0 fixed in 2.32.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-0395	MEDIUM4.67	libc-bin 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.17	0.3% Theoretical Threat	Directly Exposed
CVE-2025-0395	MEDIUM4.67	libc6 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.17	0.3% Theoretical Threat	Directly Exposed
CVE-2025-29088	MEDIUM4.67	libsqlite3-0 3.31.1-4ubuntu0.6 fixed in 3.31.1-4ubuntu0.7	0.2% Theoretical Threat	Directly Exposed
CVE-2024-47535	MEDIUM4.67	io.netty:netty-common 4.1.27.Final fixed in 4.1.115.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25193	MEDIUM4.67	io.netty:netty-common 4.1.27.Final fixed in 4.1.118.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2024-47535	MEDIUM4.67	io.netty:netty-common 4.1.45.Final fixed in 4.1.115.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25193	MEDIUM4.67	io.netty:netty-common 4.1.45.Final fixed in 4.1.118.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2024-47535	MEDIUM4.67	io.netty:netty-common 4.1.51.Final fixed in 4.1.115.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25193	MEDIUM4.67	io.netty:netty-common 4.1.51.Final fixed in 4.1.118.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2024-47535	MEDIUM4.67	io.netty:netty-common 4.1.75.Final fixed in 4.1.115.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25193	MEDIUM4.67	io.netty:netty-common 4.1.75.Final fixed in 4.1.118.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2024-47535	MEDIUM4.67	io.netty:netty-common 4.1.79.Final fixed in 4.1.115.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25193	MEDIUM4.67	io.netty:netty-common 4.1.79.Final fixed in 4.1.118.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2024-25710	MEDIUM4.67	org.apache.commons:commons-compress 1.18 fixed in 1.26.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-25710	MEDIUM4.67	org.apache.commons:commons-compress 1.21 fixed in 1.26.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-26308	MEDIUM4.67	org.apache.commons:commons-compress 1.21 fixed in 1.26.0	0.9% Theoretical Threat	Directly Exposed
CVE-2021-28168	MEDIUM4.67	org.glassfish.jersey.core:jersey-common 2.30 fixed in 2.34, 3.0.2	0.9% Theoretical Threat	Directly Exposed
CVE-2022-38750	MEDIUM4.67	org.yaml:snakeyaml 1.15 fixed in 1.31	1.0% Theoretical Threat	Directly Exposed
CVE-2022-38750	MEDIUM4.67	org.yaml:snakeyaml 1.28 fixed in 1.31	1.0% Theoretical Threat	Directly Exposed
CVE-2022-38750	MEDIUM4.67	org.yaml:snakeyaml 1.9 fixed in 1.31	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42308	MEDIUM4.67	Pillow 9.2.0 fixed in 12.2.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42310	MEDIUM4.67	Pillow 9.2.0 fixed in 12.2.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-25645	MEDIUM4.67	requests 2.31.0 fixed in 2.33.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-25645	MEDIUM4.67	requests 2.32.3 fixed in 2.33.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-21883	MEDIUM4.59	bokeh 2.4.3 fixed in 3.8.2	0.2% Theoretical Threat	Directly Exposed
CVE-2019-17571	MEDIUM4.58	log4j:log4j 1.2.17 No fix yet	69.1% Actively Exploited	Post-Exploit
CVE-2022-23305	MEDIUM4.58	log4j:log4j 1.2.17 No fix yet	67.5% Actively Exploited	Post-Exploit
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-47244	MEDIUM4.5	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-50560	MEDIUM4.5	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2024-52279	MEDIUM4.5	org.apache.zeppelin:zeppelin-jdbc 0.11.2 fixed in 0.12.0	0.9% Theoretical Threat	Directly Exposed
CVE-2024-51775	MEDIUM4.5	org.apache.zeppelin:zeppelin-shell 0.11.2 fixed in 0.12.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-8916	MEDIUM4.5	org.bouncycastle:bcpkix-jdk15on 1.70 fixed in 1.79	0.4% Theoretical Threat	Directly Exposed
CVE-2023-33201	MEDIUM4.5	org.bouncycastle:bcprov-jdk15on 1.70 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2024-34447	MEDIUM4.5	org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78	0.8% Theoretical Threat	Directly Exposed
CVE-2024-6763	MEDIUM4.5	org.eclipse.jetty:jetty-http 8.2.0.v20160908 fixed in 12.0.12	1.0% Theoretical Threat	Directly Exposed
CVE-2024-6763	MEDIUM4.5	org.eclipse.jetty:jetty-http 9.4.50.v20221201 fixed in 12.0.12	1.0% Theoretical Threat	Directly Exposed
CVE-2024-6763	MEDIUM4.5	org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.0.12	1.0% Theoretical Threat	Directly Exposed
CVE-2026-34073	MEDIUM4.5	cryptography 42.0.2 fixed in 46.0.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45409	MEDIUM4.5	idna 3.4 fixed in 3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45409	MEDIUM4.5	idna 3.8 fixed in 3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2025-4565	MEDIUM4.5	protobuf 4.21.12 fixed in 4.25.8, 5.29.5, 6.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2024-47081	MEDIUM4.5	requests 2.31.0 fixed in 2.32.4	0.8% Theoretical Threat	Directly Exposed
CVE-2024-47081	MEDIUM4.5	requests 2.32.3 fixed in 2.32.4	0.8% Theoretical Threat	Directly Exposed
CVE-2026-35536	MEDIUM4.5	tornado 6.4.1 fixed in 6.5.5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-44431	MEDIUM4.5	urllib3 2.1.0 fixed in 2.7.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-44431	MEDIUM4.5	urllib3 2.2.2 fixed in 2.7.0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-29131	MEDIUM4.4	org.apache.commons:commons-configuration2 2.1.1 fixed in 2.10.1	2.1% Low-Moderate Risk	Directly Exposed
CVE-2024-29133	MEDIUM4.4	org.apache.commons:commons-configuration2 2.1.1 fixed in 2.10.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2024-29131	MEDIUM4.4	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1	2.1% Low-Moderate Risk	Directly Exposed
CVE-2024-29133	MEDIUM4.4	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2025-4373	MEDIUM4.08	libglib2.0-0 2.64.6-1~ubuntu20.04.7 fixed in 2.64.6-1~ubuntu20.04.9	0.4% Theoretical Threat	Directly Exposed
CVE-2024-21235	MEDIUM4.08	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	0.9% Theoretical Threat	Directly Exposed
CVE-2025-21502	MEDIUM4.08	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.26+4-1ubuntu1~20.04	0.9% Theoretical Threat	Directly Exposed
CVE-2025-30691	MEDIUM4.08	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.5% Theoretical Threat	Directly Exposed
CVE-2024-21235	MEDIUM4.08	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	0.9% Theoretical Threat	Directly Exposed
CVE-2025-21502	MEDIUM4.08	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.26+4-1ubuntu1~20.04	0.9% Theoretical Threat	Directly Exposed
CVE-2025-30691	MEDIUM4.08	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04	0.5% Theoretical Threat	Directly Exposed
CVE-2025-68161	MEDIUM4.08	org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.3	0.7% Theoretical Threat	Directly Exposed
CVE-2025-68161	MEDIUM4.08	org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.3	0.7% Theoretical Threat	Directly Exposed
CVE-2024-52046	MEDIUM4.06	org.apache.mina:mina-core 2.0.7 fixed in 2.2.4, 2.1.10, 2.0.27	23.9% High Exploitation Risk	Post-Exploit
CVE-2024-13176	MEDIUM4	libssl1.1 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24	0.6% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.7	libssl1.1 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24	6.0% Low-Moderate Risk	Directly Exposed
CVE-2024-21208	LOW3.7	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-21217	LOW3.7	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-21208	LOW3.7	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-21217	LOW3.7	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-48924	LOW3.7	org.apache.commons:commons-lang3 3.14.0 fixed in 3.18.0	2.2% Low-Moderate Risk	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.1.3 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.10.1 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.12.6 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.4.0 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.7.4 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.7.9 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.8.1 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49128	LOW3.4	com.fasterxml.jackson.core:jackson-core 2.9.9 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.1.27.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.1.45.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-kqueue 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2025-46392	LOW3.3	commons-configuration:commons-configuration 1.6 No fix yet	1.7% Low-Moderate Risk	Directly Exposed
CVE-2024-6345	LOW3.17	setuptools 68.2.2 fixed in 70.0.0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2025-47273	LOW3.17	setuptools 68.2.2 fixed in 78.1.1	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-47273	LOW3.17	setuptools 73.0.1 fixed in 78.1.1	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-21210	LOW3.15	openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	0.8% Theoretical Threat	Directly Exposed
CVE-2024-21210	LOW3.15	openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04 fixed in 11.0.25+9-1ubuntu1~20.04	0.8% Theoretical Threat	Directly Exposed
CVE-2023-36479	LOW3.1	org.eclipse.jetty:jetty-servlets 9.4.50.v20221201 fixed in 9.4.52, 10.0.16, 11.0.16	1.0% Low-Moderate Risk	Directly Exposed
CVE-2021-34428	LOW2.98	org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.41, 10.0.3, 11.0.3	1.0% Theoretical Threat	Directly Exposed
CVE-2026-6357	LOW2.96	pip 23.3.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-6357	LOW2.96	pip 24.2 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-24049	LOW2.8	wheel 0.41.2 fixed in 0.46.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-24049	LOW2.8	wheel 0.43.0 fixed in 0.46.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-24049	LOW2.8	wheel 0.44.0 fixed in 0.46.2	0.3% Theoretical Threat	Post-Exploit
CVE-2020-8908	LOW2.8	com.google.guava:guava 18.0 fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 19.0 fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 20.0 fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 22.0 fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 24.1.1-jre fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 25.0-jre fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 30.1.1-jre fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 31.1-android fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2026-4539	LOW2.8	Pygments 2.18.0 fixed in 2.20.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-8869	LOW2.7	pip 23.3.1 fixed in 25.3	0.4% Theoretical Threat	Post-Exploit
CVE-2025-8869	LOW2.7	pip 24.2 fixed in 25.3	0.4% Theoretical Threat	Post-Exploit
CVE-2020-7020	LOW2.63	org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.13, 7.9.2	1.0% Theoretical Threat	Directly Exposed
CVE-2026-3219	LOW2.55	pip 23.3.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-3219	LOW2.55	pip 24.2 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2025-30258	LOW2.4	gpgv 2.2.19-3ubuntu2.2 fixed in 2.2.19-3ubuntu2.4	0.2% Theoretical Threat	Post-Exploit
CVE-2024-13176	LOW2.4	openssl 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24	0.6% Theoretical Threat	Post-Exploit
CVE-2022-2047	LOW2.29	org.eclipse.jetty:jetty-http 8.2.0.v20160908 fixed in 9.4.47, 10.0.10, 11.0.10	0.9% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW2.22	openssl 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24	6.0% Low-Moderate Risk	Post-Exploit
CVE-2026-23901	LOW2.12	org.apache.shiro:shiro-core 1.10.0 fixed in 2.1.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1703	LOW1.99	pip 23.3.1 fixed in 26.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-1703	LOW1.99	pip 24.2 fixed in 26.0	0.4% Theoretical Threat	Post-Exploit
CVE-2024-47175	NONE0	libcups2 2.3.1-9ubuntu1.8 fixed in 2.3.1-9ubuntu1.9	73.1% Actively Exploited	Not Applicable
CVE-2024-3596	NONE0	krb5-locales 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Not Applicable
CVE-2024-52533	NONE0	libglib2.0-data 2.64.6-1~ubuntu20.04.7 fixed in 2.64.6-1~ubuntu20.04.8	1.3% Low-Moderate Risk	Not Applicable
CVE-2025-4802	NONE0	locales 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.18	0.4% Theoretical Threat	Not Applicable
CVE-2025-24528	NONE0	krb5-locales 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Not Applicable
CVE-2025-3576	NONE0	krb5-locales 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Not Applicable
CVE-2024-26458	NONE0	krb5-locales 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Not Applicable
CVE-2024-26461	NONE0	krb5-locales 1.17-6ubuntu4.7 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Not Applicable
CVE-2025-0395	NONE0	locales 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.17	0.3% Theoretical Threat	Not Applicable
CVE-2025-4373	NONE0	libglib2.0-data 2.64.6-1~ubuntu20.04.7 fixed in 2.64.6-1~ubuntu20.04.9	0.4% Theoretical Threat	Not Applicable
CVE-2025-48924	NONE0	commons-lang:commons-lang 2.6 No fix yet	2.2% Low-Moderate Risk	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.1.3 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.10.1 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.12.6 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.13.1 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.13.3 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.4.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.7.4 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.7.9 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.8.1 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.9.9 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-25526	NONE0	com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.8.3, 2.7.6	0.9% Theoretical Threat	Not Applicable
CVE-2026-25526	NONE0	com.hubspot.jinjava:jinjava 2.5.4 fixed in 2.8.3, 2.7.6	0.9% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.27.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.45.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.51.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.75.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec 4.1.79.Final fixed in 4.1.133.Final	0.4% Theoretical Threat	Not Applicable
GHSA-xpw8-rcwv-8f8p	NONE0	io.netty:netty-codec-http2 4.1.79.Final fixed in 4.1.100.Final	—	Not Applicable
CVE-2026-45205	NONE0	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.15.0	0.5% Theoretical Threat	Not Applicable
CVE-2025-30474	NONE0	org.apache.commons:commons-vfs2 2.6.0 fixed in 2.10.0	0.7% Theoretical Threat	Not Applicable
CVE-2024-23454	NONE0	org.apache.hadoop:hadoop-common 2.7.7 fixed in 3.4.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-49268	NONE0	org.apache.shiro:shiro-core 1.10.0 fixed in 2.2.1, 3.0.0-alpha-2	—	Not Applicable
CVE-2025-55039	NONE0	org.apache.spark:spark-network-common_2.12 3.4.1 fixed in 3.4.4, 3.5.2	0.2% Theoretical Threat	Not Applicable
CVE-2024-41169	NONE0	org.apache.zeppelin:zeppelin-interpreter 0.11.2 fixed in 0.12.0	0.6% Theoretical Threat	Not Applicable
CVE-2024-41169	NONE0	org.apache.zeppelin:zeppelin-server 0.11.2 fixed in 0.12.0	0.6% Theoretical Threat	Not Applicable
CVE-2024-41177	NONE0	org.apache.zeppelin:zeppelin-web 0.11.2 fixed in 0.12.0	0.6% Theoretical Threat	Not Applicable
GHSA-58qw-p7qm-5rvh	NONE0	org.eclipse.jetty:jetty-xml 9.4.43.v20210629 fixed in 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823	—	Not Applicable
GHSA-2r2c-cx56-8933	NONE0	org.jline:jline-remote-telnet 3.16.0 fixed in 4.2.1	—	Not Applicable
GHSA-47qp-hqvx-6r3f	NONE0	org.jline:jline-remote-telnet 3.16.0 fixed in 4.2.1	—	Not Applicable
GHSA-2r2c-cx56-8933	NONE0	org.jline:jline-remote-telnet 3.9.0 fixed in 4.2.1	—	Not Applicable
GHSA-47qp-hqvx-6r3f	NONE0	org.jline:jline-remote-telnet 3.9.0 fixed in 4.2.1	—	Not Applicable
GHSA-gj48-438w-jh9v	NONE0	bleach 6.1.0 fixed in 6.4.0	—	Not Applicable
GHSA-8rfp-98v4-mmr6	NONE0	bleach 6.1.0 fixed in 6.4.0	—	Not Applicable
GHSA-537c-gmf6-5ccf	NONE0	cryptography 42.0.2 fixed in 48.0.1	—	Not Applicable
GHSA-h4gh-qq45-vh27	NONE0	cryptography 42.0.2 fixed in 43.0.1	—	Not Applicable
CVE-2026-33310	NONE0	intake 2.0.6 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2025-30167	NONE0	jupyter_core 5.7.2 fixed in 5.8.1	0.1% Theoretical Threat	Not Applicable
CVE-2026-49853	NONE0	tornado 6.4.1 fixed in 6.5.6	—	Not Applicable
CVE-2026-49855	NONE0	tornado 6.4.1 fixed in 6.5.6	—	Not Applicable
GHSA-78cv-mqj4-43f7	NONE0	tornado 6.4.1 fixed in 6.5.5	—	Not Applicable
GHSA-pw6j-qg29-8w7f	NONE0	tornado 6.4.1 fixed in 6.5.7	—	Not Applicable
CVE-2026-49854	NONE0	tornado 6.4.1 fixed in 6.5.6	—	Not Applicable