This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution through template injection (CVE-2025-59340) or YAML deserialization (CVE-2022-1471), bypass authentication via request smuggling, or compromise data integrity through multiple other flaws. All top vulnerabilities are remotely exploitable with no authentication required, and the image exposes 381 vulnerabilities with a maximum severity of 10.0. No compensating controls fully eliminate these risks; the only remedy is to rebuild the image with patched dependencies.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-59340 | CRITICAL10 | com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.8.1, 2.7.5 | 2.3% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2025-59340 | CRITICAL10 | com.hubspot.jinjava:jinjava 2.5.4 fixed in 2.8.1, 2.7.5 | 2.3% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2017-7657 | CRITICAL10 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.25.v20180606, 9.3.24.v20180605 | 16.2% High Exploitation Risk | Directly ExposedContext importance: HIGH |
| CVE-2017-7658 | CRITICAL10 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.25.v20180606, 9.3.24.v20180605, 9.4.11.v20180605 | 21.0% High Exploitation Risk | Directly ExposedContext importance: HIGH |
| CVE-2022-1471 | CRITICAL10 | org.yaml:snakeyaml 1.15 fixed in 2.0 | 99.6% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2022-1471 | CRITICAL10 | org.yaml:snakeyaml 1.27 fixed in 2.0 | 99.6% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2022-1471 | CRITICAL10 | org.yaml:snakeyaml 1.9 fixed in 2.0 | 99.6% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2023-47248 | CRITICAL10 | pyarrow 9.0.0 fixed in 14.0.1 | 18.3% High Exploitation Risk | Directly ExposedContext importance: HIGH |
| CVE-2019-20445 | CRITICAL10 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 13.5% High Exploitation Risk | Directly ExposedContext importance: HIGH |
| CVE-2023-4863 | CRITICAL10 | Pillow 9.2.0 fixed in 10.0.1 | 99.7% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2024-56171 | CRITICAL9.8 | libxml2 2.9.10+dfsg-5ubuntu0.20.04.8 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2019-16335 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5, 2.6.7.3 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2019-16942 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3 | 5.7% Low-Moderate Risk | Directly Exposed |
| CVE-2019-16943 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2019-17267 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2019-17531 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.1, 2.8.11.5, 2.6.7.3 | 5.3% Low-Moderate Risk | Directly Exposed |
| CVE-2019-20330 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 | 8.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-9546 | CRITICAL9.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2021-4104 | CRITICAL9.75 | log4j:log4j 1.2.17 No fix yet | 81.1% Actively Exploited | Directly Exposed |
| CVE-2015-2080 | CRITICAL9.75 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.9.v20150224 | 74.9% Actively Exploited | Directly Exposed |
| CVE-2021-28165 | CRITICAL9.75 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.39, 10.0.2, 11.0.2 | 53.9% Actively Exploited | Directly Exposed |
| CVE-2025-27363 | CRITICAL9.31 | libfreetype6 2.10.1-2ubuntu0.3 fixed in 2.10.1-2ubuntu0.4 | 23.4% High Exploitation Risk | Directly Exposed |
| CVE-2020-35728 | CRITICAL9.31 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 12.5% High Exploitation Risk | Directly Exposed |
| CVE-2020-36179 | CRITICAL9.31 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 20.9% High Exploitation Risk | Directly Exposed |
| CVE-2020-36184 | CRITICAL9.31 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 10.4% High Exploitation Risk | Directly Exposed |
| CVE-2020-36188 | CRITICAL9.31 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 10.9% High Exploitation Risk | Directly Exposed |
| CVE-2020-7692 | CRITICAL9.1 | com.google.oauth-client:google-oauth-client 1.23.0 fixed in 1.31.0 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-7692 | CRITICAL9.1 | com.google.oauth-client:google-oauth-client 1.30.5 fixed in 1.31.0 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2019-20444 | CRITICAL9.1 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 8.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-44981 | CRITICAL9.1 | org.apache.zookeeper:zookeeper 3.5.5 fixed in 3.7.2, 3.8.3, 3.9.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-44981 | CRITICAL9.1 | org.apache.zookeeper:zookeeper 3.6.3 fixed in 3.7.2, 3.8.3, 3.9.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2020-10672 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-10673 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.6.7.4 | 8.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-10968 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-10969 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-11111 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-11112 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-11113 | HIGH8.8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 6.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48734 | HIGH8.8 | commons-beanutils:commons-beanutils 1.9.4 fixed in 1.11.0 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2024-47561 | HIGH8.8 | org.apache.avro:avro 1.11.2 fixed in 1.11.4 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-4759 | HIGH8.8 | org.eclipse.jgit:org.eclipse.jgit 4.5.4.201711221230-r fixed in 6.6.1.202309021850-r, 5.13.3.202401111512-r | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2019-12086 | HIGH8.62 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 | 21.9% High Exploitation Risk | Directly Exposed |
| CVE-2019-14439 | HIGH8.62 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 | 10.8% High Exploitation Risk | Directly Exposed |
| CVE-2020-25649 | HIGH8.62 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.9.10.7, 2.10.5.1 | 17.6% High Exploitation Risk | Directly Exposed |
| CVE-2019-12402 | HIGH8.62 | org.apache.commons:commons-compress 1.18 fixed in 1.19 | 16.2% High Exploitation Risk | Directly Exposed |
| CVE-2021-35515 | HIGH8.62 | org.apache.commons:commons-compress 1.18 fixed in 1.21 | 11.9% High Exploitation Risk | Directly Exposed |
| CVE-2021-35516 | HIGH8.62 | org.apache.commons:commons-compress 1.18 fixed in 1.21 | 12.7% High Exploitation Risk | Directly Exposed |
| CVE-2021-35517 | HIGH8.62 | org.apache.commons:commons-compress 1.18 fixed in 1.21 | 10.9% High Exploitation Risk | Directly Exposed |
| CVE-2021-36090 | HIGH8.62 | org.apache.commons:commons-compress 1.18 fixed in 1.21 | 13.3% High Exploitation Risk | Directly Exposed |
| CVE-2019-10172 | HIGH8.62 | org.codehaus.jackson:jackson-mapper-asl 1.9.13 No fix yet | 17.0% High Exploitation Risk | Directly Exposed |
| CVE-2021-33813 | HIGH8.62 | org.jdom:jdom 1.1 No fix yet | 19.4% High Exploitation Risk | Directly Exposed |
| CVE-2017-18640 | HIGH8.62 | org.yaml:snakeyaml 1.15 fixed in 1.26 | 26.7% High Exploitation Risk | Directly Exposed |
| CVE-2017-18640 | HIGH8.62 | org.yaml:snakeyaml 1.9 fixed in 1.26 | 26.7% High Exploitation Risk | Directly Exposed |
| CVE-2026-27727 | HIGH8.33 | com.mchange:mchange-commons-java 0.2.15 fixed in 0.4.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-41409 | HIGH8.33 | org.apache.mina:mina-core 2.0.7 fixed in 2.0.28, 2.1.11, 2.2.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41635 | HIGH8.33 | org.apache.mina:mina-core 2.0.7 fixed in 2.0.28, 2.1.11, 2.2.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-66034 | HIGH8.33 | fonttools 4.56.0 fixed in 4.60.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2020-10650 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2020-11619 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 3.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-11620 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-14060 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5 | 8.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-14061 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5 | 4.4% Low-Moderate Risk | Directly Exposed |
| CVE-2020-14062 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5 | 8.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-14195 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.5 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-24616 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.6 | 9.3% Low-Moderate Risk | Directly Exposed |
| CVE-2020-24750 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.5, 2.9.10.6 | 7.3% Low-Moderate Risk | Directly Exposed |
| CVE-2020-35490 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 7.7% Low-Moderate Risk | Directly Exposed |
| CVE-2020-35491 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 9.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36180 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 5.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36181 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 5.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36182 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 5.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36183 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36185 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 5.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36186 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 5.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36187 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8 | 5.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36189 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.8, 2.6.7.5 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-20190 | HIGH8.1 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.7, 2.6.7.5 | 7.5% Low-Moderate Risk | Directly Exposed |
| CVE-2019-7611 | HIGH8.1 | org.elasticsearch:elasticsearch 2.4.3 fixed in 5.6.15, 6.6.1 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-50447 | HIGH8.1 | Pillow 9.2.0 fixed in 10.2.0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2019-14540 | HIGH8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10, 2.8.11.5, 2.6.7.3 | 10.7% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2020-8840 | HIGH8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 | 26.6% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2020-9547 | HIGH8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7 | 18.7% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2020-9548 | HIGH8 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10.4, 2.8.11.6, 2.7.9.7 | 18.3% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2019-17571 | HIGH8 | log4j:log4j 1.2.17 No fix yet | 69.1% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2022-23305 | HIGH8 | log4j:log4j 1.2.17 No fix yet | 67.5% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2024-52046 | HIGH8 | org.apache.mina:mina-core 2.0.7 fixed in 2.2.4, 2.1.10, 2.0.27 | 23.9% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-23307 | HIGH8 | log4j:log4j 1.2.17 No fix yet | 52.5% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2022-23302 | HIGH8 | log4j:log4j 1.2.17 No fix yet | 61.8% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2019-14379 | HIGH7.84 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.2, 2.8.11.4, 2.7.9.6 | 8.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2019-14892 | HIGH7.84 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.6.7.3, 2.8.11.5, 2.9.10 | 5.4% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2019-14893 | HIGH7.84 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.10 | 4.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2019-10202 | HIGH7.84 | org.codehaus.jackson:jackson-mapper-asl 1.9.13 No fix yet | 5.2% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | HIGH7.73 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH7.73 | org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2332 | HIGH7.73 | org.eclipse.jetty:jetty-http 9.4.54.v20240208 fixed in 12.1.7, 12.0.33 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58782 | HIGH7.7 | org.apache.jackrabbit:jackrabbit-jcr-commons 1.6.5 fixed in 2.22.2 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-27113 | HIGH7.5 | libxml2 2.9.10+dfsg-5ubuntu0.20.04.8 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-36518 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.13.2.1, 2.12.6.1 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42003 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.12.7.1, 2.13.4.2 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-42004 | HIGH7.5 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.12.7.1, 2.13.4 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-7254 | HIGH7.5 | com.google.protobuf:protobuf-java 3.21.7 fixed in 3.25.5, 4.27.5, 4.28.2 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-46120 | HIGH7.5 | com.rabbitmq:amqp-client 5.5.3 fixed in 5.18.0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3635 | HIGH7.5 | com.squareup.okio:okio 1.15.0 fixed in 3.4.0, 1.17.6 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3635 | HIGH7.5 | com.squareup.okio:okio 1.17.3 fixed in 3.4.0, 1.17.6 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH7.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 5.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH7.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 6.3% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37136 | HIGH7.5 | io.netty:netty-codec 4.1.51.Final fixed in 4.1.68.Final | 5.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37137 | HIGH7.5 | io.netty:netty-codec 4.1.51.Final fixed in 4.1.68.Final | 6.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-26464 | HIGH7.5 | log4j:log4j 1.2.17 fixed in 2.0 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39410 | HIGH7.5 | org.apache.avro:avro 1.11.2 fixed in 1.11.3 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2015-3250 | HIGH7.5 | org.apache.directory.api:api-ldap-model 1.0.0-M20 fixed in 1.0.0-M31 | 5.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-39239 | HIGH7.5 | org.apache.jena:jena-core 3.12.0 fixed in 4.2.0 | 4.0% Low-Moderate Risk | Directly Exposed |
| CVE-2019-0231 | HIGH7.5 | org.apache.mina:mina-core 2.0.7 fixed in 2.0.21, 2.1.1 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-13949 | HIGH7.5 | org.apache.thrift:libthrift 0.13.0 fixed in 0.14.0 | 6.8% Low-Moderate Risk | Directly Exposed |
| CVE-2017-7656 | HIGH7.5 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.3.24.v20180605, 9.4.11.v20180605 | 6.4% Low-Moderate Risk | Directly Exposed |
| CVE-2017-9735 | HIGH7.5 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.6.v20170531, 9.3.20.v20170531, 9.2.22.v20170606 | 5.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-31418 | HIGH7.5 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.13, 8.9.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37714 | HIGH7.5 | org.jsoup:jsoup 1.10.3 fixed in 1.14.2 | 6.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37714 | HIGH7.5 | org.jsoup:jsoup 1.11.3 fixed in 1.14.2 | 6.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37714 | HIGH7.5 | org.jsoup:jsoup 1.8.1 fixed in 1.14.2 | 6.9% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25857 | HIGH7.5 | org.yaml:snakeyaml 1.15 fixed in 1.31 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25857 | HIGH7.5 | org.yaml:snakeyaml 1.27 fixed in 1.31 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25857 | HIGH7.5 | org.yaml:snakeyaml 1.9 fixed in 1.31 | 2.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-45199 | HIGH7.5 | Pillow 9.2.0 fixed in 9.3.0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-44271 | HIGH7.5 | Pillow 9.2.0 fixed in 10.0.0 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-3651 | HIGH7.5 | idna 3.4 fixed in 3.7 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-67030 | HIGH7.48 | org.codehaus.plexus:plexus-utils 3.2.1 fixed in 4.0.3, 3.6.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-27516 | HIGH7.48 | Jinja2 3.1.5 fixed in 3.1.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-12797 | HIGH7.4 | cryptography 42.0.2 fixed in 44.0.1 | 2.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27830 | MEDIUM6.8 | com.mchange:c3p0 0.9.5.4 fixed in 0.12.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2019-12384 | MEDIUM6.79 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 | 45.2% High Exploitation Risk | Directly Exposed |
| CVE-2019-12814 | MEDIUM6.79 | com.fasterxml.jackson.core:jackson-databind 2.9.8 fixed in 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 | 11.0% High Exploitation Risk | Directly Exposed |
| CVE-2016-5725 | MEDIUM6.79 | com.jcraft:jsch 0.1.53 fixed in 0.1.54 | 24.1% High Exploitation Risk | Directly Exposed |
| CVE-2021-21295 | MEDIUM6.79 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 18.9% High Exploitation Risk | Directly Exposed |
| CVE-2025-54920 | MEDIUM6.7 | org.apache.spark:spark-core_2.12 3.5.3 fixed in 3.5.7 | 5.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-24928 | MEDIUM6.54 | libxml2 2.9.10+dfsg-5ubuntu0.20.04.8 fixed in 2.9.10+dfsg-5ubuntu0.20.04.9 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2020-12668 | MEDIUM6.5 | com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.5.4 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2021-37533 | MEDIUM6.5 | commons-net:commons-net 3.3 fixed in 3.9.0 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2021-43797 | MEDIUM6.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34462 | MEDIUM6.5 | io.netty:netty-handler 4.1.51.Final fixed in 4.1.94.Final | 2.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34462 | MEDIUM6.5 | io.netty:netty-handler 4.1.75.Final fixed in 4.1.94.Final | 2.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34462 | MEDIUM6.5 | io.netty:netty-handler 4.1.87.Final fixed in 4.1.94.Final | 2.5% Low-Moderate Risk | Directly Exposed |
| CVE-2021-41973 | MEDIUM6.5 | org.apache.mina:mina-core 2.0.7 fixed in 2.1.5, 2.0.22 | 4.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29857 | MEDIUM6.5 | org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-8184 | MEDIUM6.5 | org.eclipse.jetty:jetty-server 9.4.52.v20230823 fixed in 12.0.9, 10.0.24, 11.0.24, 9.4.56 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-8184 | MEDIUM6.5 | org.eclipse.jetty:jetty-server 9.4.54.v20240208 fixed in 12.0.9, 10.0.24, 11.0.24, 9.4.56 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2020-7019 | MEDIUM6.5 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.9.0, 6.8.12 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2021-22144 | MEDIUM6.5 | org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.17, 7.13.3 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38749 | MEDIUM6.5 | org.yaml:snakeyaml 1.15 fixed in 1.31 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38751 | MEDIUM6.5 | org.yaml:snakeyaml 1.15 fixed in 1.31 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38752 | MEDIUM6.5 | org.yaml:snakeyaml 1.15 fixed in 1.32 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41854 | MEDIUM6.5 | org.yaml:snakeyaml 1.15 fixed in 1.32 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38749 | MEDIUM6.5 | org.yaml:snakeyaml 1.27 fixed in 1.31 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38751 | MEDIUM6.5 | org.yaml:snakeyaml 1.27 fixed in 1.31 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38752 | MEDIUM6.5 | org.yaml:snakeyaml 1.27 fixed in 1.32 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41854 | MEDIUM6.5 | org.yaml:snakeyaml 1.27 fixed in 1.32 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38749 | MEDIUM6.5 | org.yaml:snakeyaml 1.9 fixed in 1.31 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38751 | MEDIUM6.5 | org.yaml:snakeyaml 1.9 fixed in 1.31 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-38752 | MEDIUM6.5 | org.yaml:snakeyaml 1.9 fixed in 1.32 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41854 | MEDIUM6.5 | org.yaml:snakeyaml 1.9 fixed in 1.32 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2025-32414 | MEDIUM6.38 | libxml2 2.9.10+dfsg-5ubuntu0.20.04.8 fixed in 2.9.10+dfsg-5ubuntu0.20.04.10 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-32415 | MEDIUM6.38 | libxml2 2.9.10+dfsg-5ubuntu0.20.04.8 fixed in 2.9.10+dfsg-5ubuntu0.20.04.10 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2021-0341 | MEDIUM6.38 | com.squareup.okhttp3:okhttp 3.12.12 fixed in 4.9.2 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2021-0341 | MEDIUM6.38 | com.squareup.okhttp3:okhttp 3.13.1 fixed in 4.9.2 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM6.38 | io.netty:netty-codec 4.1.51.Final fixed in 4.1.125.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM6.38 | io.netty:netty-codec 4.1.75.Final fixed in 4.1.125.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM6.38 | io.netty:netty-codec 4.1.87.Final fixed in 4.1.125.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-58056 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.1.125.Final, 4.2.5.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.2.4.Final, 4.1.124.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.51.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.75.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.1.87.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.20.0 fixed in 2.25.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.20.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk15on 1.70 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-23444 | MEDIUM6.38 | org.elasticsearch:elasticsearch 2.4.3 fixed in 8.13.0, 7.17.23 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-43709 | MEDIUM6.38 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.21, 8.13.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-52979 | MEDIUM6.38 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.25, 8.16.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-21634 | MEDIUM6.38 | software.amazon.ion:ion-java 1.0.2 fixed in 1.10.5 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-6176 | MEDIUM6.38 | Brotli 1.0.9 fixed in 1.2.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-69534 | MEDIUM6.38 | Markdown 3.6 fixed in 3.8.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-26130 | MEDIUM6.38 | cryptography 42.0.2 fixed in 42.0.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2023-33953 | MEDIUM6.38 | grpcio 1.47.1 fixed in 1.53.2, 1.54.3, 1.55.2, 1.56.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0994 | MEDIUM6.38 | protobuf 4.21.12 fixed in 6.33.5, 5.29.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-47287 | MEDIUM6.38 | tornado 6.4.2 fixed in 6.5 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-31958 | MEDIUM6.38 | tornado 6.4.2 fixed in 6.5.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-66418 | MEDIUM6.38 | urllib3 2.1.0 fixed in 2.6.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66471 | MEDIUM6.38 | urllib3 2.1.0 fixed in 2.6.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-21441 | MEDIUM6.38 | urllib3 2.1.0 fixed in 2.6.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66418 | MEDIUM6.38 | urllib3 2.3.0 fixed in 2.6.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66471 | MEDIUM6.38 | urllib3 2.3.0 fixed in 2.6.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-21441 | MEDIUM6.38 | urllib3 2.3.0 fixed in 2.6.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-21587 | MEDIUM6.29 | openjdk-11-jre-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2021-22573 | MEDIUM6.21 | com.google.oauth-client:google-oauth-client 1.23.0 fixed in 1.33.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2021-22573 | MEDIUM6.21 | com.google.oauth-client:google-oauth-client 1.30.5 fixed in 1.33.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43869 | MEDIUM6.21 | org.apache.thrift:libthrift 0.13.0 fixed in 0.23.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-13009 | MEDIUM6.12 | org.eclipse.jetty:jetty-server 9.4.52.v20230823 fixed in 9.4.57.v20241219 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-13009 | MEDIUM6.12 | org.eclipse.jetty:jetty-server 9.4.54.v20240208 fixed in 9.4.57.v20241219 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2019-10241 | MEDIUM6.1 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 | 9.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-36033 | MEDIUM6.1 | org.jsoup:jsoup 1.10.3 fixed in 1.15.3 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-36033 | MEDIUM6.1 | org.jsoup:jsoup 1.11.3 fixed in 1.15.3 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2015-6748 | MEDIUM6.1 | org.jsoup:jsoup 1.8.1 fixed in 1.8.3 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-36033 | MEDIUM6.1 | org.jsoup:jsoup 1.8.1 fixed in 1.15.3 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 18.0 fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 19.0 fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 20.0 fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 24.1.1-jre fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 25.0-jre fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-2976 | MEDIUM6.03 | com.google.guava:guava 31.1-android fixed in 32.0.0-android | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc-bin 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.18 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc6 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.18 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libgssapi-krb5-2 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libk5crypto3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5-3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5support0 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2018-10237 | MEDIUM5.9 | com.google.guava:guava 18.0 fixed in 24.1.1-android | 5.1% Low-Moderate Risk | Directly Exposed |
| CVE-2018-10237 | MEDIUM5.9 | com.google.guava:guava 19.0 fixed in 24.1.1-android | 5.1% Low-Moderate Risk | Directly Exposed |
| CVE-2018-10237 | MEDIUM5.9 | com.google.guava:guava 20.0 fixed in 24.1.1-android | 5.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-21409 | MEDIUM5.9 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 4.9% Low-Moderate Risk | Directly Exposed |
| CVE-2019-7614 | MEDIUM5.9 | org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.2, 7.2.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-23944 | MEDIUM5.61 | org.apache.zookeeper:zookeeper 3.6.3 fixed in 3.8.4, 3.9.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libgssapi-krb5-2 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libk5crypto3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5-3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5support0 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.8.Final, 4.1.129.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM5.52 | org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.0.31, 12.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-11143 | MEDIUM5.52 | org.eclipse.jetty:jetty-http 9.4.54.v20240208 fixed in 12.0.31, 12.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-49921 | MEDIUM5.52 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.17.16, 8.11.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-26007 | MEDIUM5.52 | cryptography 42.0.2 fixed in 46.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-37891 | MEDIUM5.52 | urllib3 2.1.0 fixed in 1.26.19, 2.2.2 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2021-21290 | MEDIUM5.5 | io.netty:netty 3.10.6.Final fixed in 4.0.0 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2021-27807 | MEDIUM5.5 | org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.23 | 3.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-27906 | MEDIUM5.5 | org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.23 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2021-31811 | MEDIUM5.5 | org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.24 | 3.4% Low-Moderate Risk | Directly Exposed |
| CVE-2021-31812 | MEDIUM5.5 | org.apache.pdfbox:pdfbox 2.0.16 fixed in 2.0.24 | 3.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12243 | MEDIUM5.3 | libgnutls30 3.6.13-2ubuntu1.11 fixed in 3.6.13-2ubuntu1.12 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12133 | MEDIUM5.3 | libtasn1-6 4.16.0-2 fixed in 4.16.0-2ubuntu0.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2018-18893 | MEDIUM5.3 | com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.4.6 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29025 | MEDIUM5.3 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.1.108.Final | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2025-27553 | MEDIUM5.3 | org.apache.commons:commons-vfs2 2.6.0 fixed in 2.10.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-13956 | MEDIUM5.3 | org.apache.httpcomponents:httpclient 4.5 fixed in 4.5.13, 5.0.3 | 8.7% Low-Moderate Risk | Directly Exposed |
| CVE-2019-10247 | MEDIUM5.3 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 | 5.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-26048 | MEDIUM5.3 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-26049 | MEDIUM5.3 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-4949 | MEDIUM5.3 | org.eclipse.jgit:org.eclipse.jgit 4.5.4.201711221230-r fixed in 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-22135 | MEDIUM5.3 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.11.2, 6.8.15 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2021-22137 | MEDIUM5.3 | org.elasticsearch:elasticsearch 2.4.3 fixed in 7.11.2, 6.8.15 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-57804 | MEDIUM5.3 | h2 4.2.0 fixed in 4.3.0 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2021-33430 | MEDIUM5.3 | numpy 1.19.5 fixed in 1.21 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-34141 | MEDIUM5.3 | numpy 1.19.5 fixed in 1.22 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2018-3824 | MEDIUM5.18 | org.elasticsearch:elasticsearch 2.4.3 fixed in 5.6.9, 6.2.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-23528 | MEDIUM5.18 | distributed 2023.2.0 fixed in 2026.1.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-50181 | MEDIUM5.18 | urllib3 2.1.0 fixed in 2.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-50181 | MEDIUM5.18 | urllib3 2.3.0 fixed in 2.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-50182 | MEDIUM5.18 | urllib3 2.3.0 fixed in 2.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.20.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-30171 | MEDIUM5.02 | org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-28219 | MEDIUM5.02 | Pillow 9.2.0 fixed in 10.3.0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 9.37.2 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2020-7021 | MEDIUM4.9 | org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.14, 7.10.0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-30698 | MEDIUM4.76 | openjdk-11-jre-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-35195 | MEDIUM4.76 | requests 2.31.0 fixed in 2.32.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc-bin 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc6 2.31-0ubuntu9.16 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-29088 | MEDIUM4.67 | libsqlite3-0 3.31.1-4ubuntu0.6 fixed in 3.31.1-4ubuntu0.7 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM4.67 | io.netty:netty-common 4.1.51.Final fixed in 4.1.115.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM4.67 | io.netty:netty-common 4.1.51.Final fixed in 4.1.118.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM4.67 | io.netty:netty-common 4.1.75.Final fixed in 4.1.115.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM4.67 | io.netty:netty-common 4.1.75.Final fixed in 4.1.118.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM4.67 | io.netty:netty-common 4.1.87.Final fixed in 4.1.115.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM4.67 | io.netty:netty-common 4.1.87.Final fixed in 4.1.118.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM4.67 | org.apache.commons:commons-compress 1.18 fixed in 1.26.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM4.67 | org.apache.commons:commons-compress 1.21 fixed in 1.26.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM4.67 | org.apache.commons:commons-compress 1.21 fixed in 1.26.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2023-42503 | MEDIUM4.67 | org.apache.commons:commons-compress 1.23.0 fixed in 1.24.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM4.67 | org.apache.commons:commons-compress 1.23.0 fixed in 1.26.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM4.67 | org.apache.commons:commons-compress 1.23.0 fixed in 1.26.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2021-28168 | MEDIUM4.67 | org.glassfish.jersey.core:jersey-common 2.30 fixed in 2.34, 3.0.2 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2022-38750 | MEDIUM4.67 | org.yaml:snakeyaml 1.15 fixed in 1.31 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2022-38750 | MEDIUM4.67 | org.yaml:snakeyaml 1.27 fixed in 1.31 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2022-38750 | MEDIUM4.67 | org.yaml:snakeyaml 1.9 fixed in 1.31 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42308 | MEDIUM4.67 | Pillow 9.2.0 fixed in 12.2.0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42310 | MEDIUM4.67 | Pillow 9.2.0 fixed in 12.2.0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-25645 | MEDIUM4.67 | requests 2.31.0 fixed in 2.33.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-25645 | MEDIUM4.67 | requests 2.32.3 fixed in 2.33.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-21883 | MEDIUM4.59 | bokeh 2.4.3 fixed in 3.8.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-8916 | MEDIUM4.5 | org.bouncycastle:bcpkix-jdk15on 1.70 fixed in 1.79 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-33201 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk15on 1.70 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-34447 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk15on 1.70 fixed in 1.78 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM4.5 | org.eclipse.jetty:jetty-http 8.2.0.v20160908 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM4.5 | org.eclipse.jetty:jetty-http 9.4.52.v20230823 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2024-6763 | MEDIUM4.5 | org.eclipse.jetty:jetty-http 9.4.54.v20240208 fixed in 12.0.12 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-34073 | MEDIUM4.5 | cryptography 42.0.2 fixed in 46.0.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45409 | MEDIUM4.5 | idna 3.10 fixed in 3.15 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45409 | MEDIUM4.5 | idna 3.4 fixed in 3.15 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-4565 | MEDIUM4.5 | protobuf 4.21.12 fixed in 4.25.8, 5.29.5, 6.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-47081 | MEDIUM4.5 | requests 2.31.0 fixed in 2.32.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-47081 | MEDIUM4.5 | requests 2.32.3 fixed in 2.32.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-35536 | MEDIUM4.5 | tornado 6.4.2 fixed in 6.5.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44431 | MEDIUM4.5 | urllib3 2.1.0 fixed in 2.7.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44431 | MEDIUM4.5 | urllib3 2.3.0 fixed in 2.7.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-4373 | MEDIUM4.08 | libglib2.0-0 2.64.6-1~ubuntu20.04.8 fixed in 2.64.6-1~ubuntu20.04.9 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-4373 | MEDIUM4.08 | libglib2.0-data 2.64.6-1~ubuntu20.04.8 fixed in 2.64.6-1~ubuntu20.04.9 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-30691 | MEDIUM4.08 | openjdk-11-jre-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.17.1 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.20.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | libssl1.1 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-9143 | LOW3.7 | libssl1.1 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.14.0 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-49128 | LOW3.4 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.13.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-49128 | LOW3.4 | com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.13.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.1.96.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-kqueue 4.1.96.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-6345 | LOW3.17 | setuptools 68.2.2 fixed in 70.0.0 | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2025-47273 | LOW3.17 | setuptools 68.2.2 fixed in 78.1.1 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-47273 | LOW3.17 | setuptools 75.8.0 fixed in 78.1.1 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2021-34428 | LOW2.98 | org.eclipse.jetty:jetty-server 8.2.0.v20160908 fixed in 9.4.41, 10.0.3, 11.0.3 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-6357 | LOW2.96 | pip 23.3.1 fixed in 26.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-6357 | LOW2.96 | pip 25.0 fixed in 26.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-30698 | LOW2.86 | openjdk-11-jdk-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-24049 | LOW2.8 | wheel 0.41.2 fixed in 0.46.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-24049 | LOW2.8 | wheel 0.43.0 fixed in 0.46.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-24049 | LOW2.8 | wheel 0.45.1 fixed in 0.46.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 18.0 fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 19.0 fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 20.0 fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 24.1.1-jre fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 25.0-jre fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2020-8908 | LOW2.8 | com.google.guava:guava 31.1-android fixed in 32.0.0-android | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-4539 | LOW2.8 | Pygments 2.19.1 fixed in 2.20.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-8869 | LOW2.7 | pip 23.3.1 fixed in 25.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-8869 | LOW2.7 | pip 25.0 fixed in 25.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2020-7020 | LOW2.63 | org.elasticsearch:elasticsearch 2.4.3 fixed in 6.8.13, 7.9.2 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-3219 | LOW2.55 | pip 23.3.1 fixed in 26.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-3219 | LOW2.55 | pip 25.0 fixed in 26.1 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-30691 | LOW2.45 | openjdk-11-jdk-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2024-13176 | LOW2.4 | openssl 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2022-2047 | LOW2.29 | org.eclipse.jetty:jetty-http 8.2.0.v20160908 fixed in 9.4.47, 10.0.10, 11.0.10 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-21587 | LOW2.26 | openjdk-11-jdk-headless 11.0.26+4-1ubuntu1~20.04 fixed in 11.0.27+6~us1-0ubuntu1~20.04 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2024-9143 | LOW2.22 | openssl 1.1.1f-1ubuntu2.23 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Post-Exploit |
| CVE-2026-23901 | LOW2.12 | org.apache.shiro:shiro-core 1.13.0 fixed in 2.1.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-1703 | LOW1.99 | pip 23.3.1 fixed in 26.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-1703 | LOW1.99 | pip 25.0 fixed in 26.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-23949 | NONE0 | jaraco.context 5.3.0 fixed in 6.1.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2024-34062 | NONE0 | tqdm 4.65.0 fixed in 4.66.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-4802 | NONE0 | locales 2.31-0ubuntu9.17 fixed in 2.31-0ubuntu9.18 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-24528 | NONE0 | krb5-locales 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-3576 | NONE0 | krb5-locales 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-26458 | NONE0 | krb5-locales 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-26461 | NONE0 | krb5-locales 1.17-6ubuntu4.8 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Not Applicable |
| CVE-2025-30258 | NONE0 | gpgv 2.2.19-3ubuntu2.2 fixed in 2.2.19-3ubuntu2.4 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-48924 | NONE0 | commons-lang:commons-lang 2.6 No fix yet | 2.2% Low-Moderate Risk | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.12.7 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.9.8 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-25526 | NONE0 | com.hubspot.jinjava:jinjava 2.4.0 fixed in 2.8.3, 2.7.6 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-25526 | NONE0 | com.hubspot.jinjava:jinjava 2.5.4 fixed in 2.8.3, 2.7.6 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.51.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.75.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.87.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |
| GHSA-xpw8-rcwv-8f8p | NONE0 | io.netty:netty-codec-http2 4.1.87.Final fixed in 4.1.100.Final | — | Not Applicable |
| CVE-2026-45205 | NONE0 | org.apache.commons:commons-configuration2 2.10.1 fixed in 2.15.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-30474 | NONE0 | org.apache.commons:commons-vfs2 2.6.0 fixed in 2.10.0 | 0.7% Theoretical Threat | Not Applicable |
| CVE-2026-49268 | NONE0 | org.apache.shiro:shiro-core 1.13.0 fixed in 2.2.1, 3.0.0-alpha-2 | — | Not Applicable |
| GHSA-2r2c-cx56-8933 | NONE0 | org.jline:jline-remote-telnet 3.16.0 fixed in 4.2.1 | — | Not Applicable |
| GHSA-47qp-hqvx-6r3f | NONE0 | org.jline:jline-remote-telnet 3.16.0 fixed in 4.2.1 | — | Not Applicable |
| GHSA-gj48-438w-jh9v | NONE0 | bleach 6.2.0 fixed in 6.4.0 | — | Not Applicable |
| GHSA-8rfp-98v4-mmr6 | NONE0 | bleach 6.2.0 fixed in 6.4.0 | — | Not Applicable |
| GHSA-537c-gmf6-5ccf | NONE0 | cryptography 42.0.2 fixed in 48.0.1 | — | Not Applicable |
| GHSA-h4gh-qq45-vh27 | NONE0 | cryptography 42.0.2 fixed in 43.0.1 | — | Not Applicable |
| CVE-2026-33310 | NONE0 | intake 2.0.8 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-30167 | NONE0 | jupyter_core 5.7.2 fixed in 5.8.1 | 0.1% Theoretical Threat | Not Applicable |
| GHSA-6v7p-g79w-8964 | NONE0 | msgpack 1.1.0 fixed in 1.2.1 | — | Not Applicable |
| CVE-2026-49853 | NONE0 | tornado 6.4.2 fixed in 6.5.6 | — | Not Applicable |
| CVE-2026-49855 | NONE0 | tornado 6.4.2 fixed in 6.5.6 | — | Not Applicable |
| GHSA-78cv-mqj4-43f7 | NONE0 | tornado 6.4.2 fixed in 6.5.5 | — | Not Applicable |
| GHSA-pw6j-qg29-8w7f | NONE0 | tornado 6.4.2 fixed in 6.5.7 | — | Not Applicable |
| CVE-2026-49854 | NONE0 | tornado 6.4.2 fixed in 6.5.6 | — | Not Applicable |