Vulnerability Reportaquasec/trivy:0.69.0

aquasec/trivy:0.69.0

DIGESTsha256:33f816d414b9d582d25bb737ffa4a632ae34e222f7ec1b50252cef0ce2266006

Executive Summary

Threat ScoreCAUTION• 115 total vulnerabilities detected (33 with severity >=6), including several OpenSSL and musl vulnerabilities.• Highest severity is 6.63 (CVE-2026-40200), a musl qsort memory corruption that requires local access and large arrays.• Multiple OpenSSL NULL pointer dereference vulnerabilities (CVE-2025-69421, CVE-2026-28388) allow remote DoS in specific PKCS#12/CRL processing, which is not typical for Trivy.• Image is popular and pinned by digest (112M+ pulls), but lacks official/verified publisher status, increasing supply chain risk for unverified content.• Only 29 post-exploit findings (max severity 4.06) with low practical impact, as libraries are not actively used by Trivy for CMS parsing.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (112M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker exploiting CVE-2026-40200 could potentially execute arbitrary code locally under specific conditions (large qsort arrays), but this requires local access. The OpenSSL DoS vulnerabilities (CVE-2025-69421) are remote but require processing malformed PKCS#12 files or enabling delta CRL, which are not default operations for Trivy. Disabling delta CRL processing and CMS parsing would fully mitigate the OpenSSL vulnerabilities. Note that CVE-2026-40200 requires arrays exceeding millions of elements, making exploitation impractical in most environments.

Vulnerabilities

Vulnerability Log

144 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-40200	MEDIUM6.63	musl 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	nghttp2-libs 1.68.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45022	MEDIUM6.38	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.19.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.1.3 fixed in 4.1.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4660	MEDIUM6.38	github.com/hashicorp/go-getter v1.8.3 fixed in 1.8.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33748	MEDIUM6.38	github.com/moby/buildkit v0.26.2 fixed in 0.28.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-29181	MEDIUM6.38	go.opentelemetry.io/otel v1.38.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41506	MEDIUM6.29	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.18.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42306	MEDIUM6.12	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.38.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-35469	MEDIUM5.52	github.com/moby/spdystream v0.5.0 fixed in 0.5.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39984	MEDIUM4.67	github.com/sigstore/timestamp-authority/v2 v2.0.3 fixed in 2.0.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34165	MEDIUM4.25	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.17.1	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r21 fixed in 1.2.5-r23	0.1% Theoretical Threat	Post-Exploit
CVE-2026-35206	LOW3.74	helm.sh/helm/v3 v3.19.2 fixed in 3.20.2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-25934	LOW3.65	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.16.5	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68121	LOW3.06	stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1229	LOW3	github.com/cloudflare/circl v1.6.1 fixed in 1.6.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33747	LOW3	github.com/moby/buildkit v0.26.2 fixed in 0.28.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-45570	LOW2.94	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.19.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34040	LOW2.81	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	8.1% Low-Moderate Risk	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r21 fixed in 1.2.5-r22	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33186	LOW2.78	google.golang.org/grpc v1.78.0 fixed in 1.79.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-33997	LOW2.48	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15558	LOW2.45	github.com/docker/cli v29.1.1+incompatible fixed in 29.2.0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-25210	LOW2.39	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-33762	LOW2.38	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.17.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-24515	LOW2.12	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1965	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW1.93	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.7% Theoretical Threat	Post-Exploit
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 fixed in 1.7.8	—	Not Applicable
GHSA-xmrv-pmrh-hhx2	NONE0	github.com/aws/aws-sdk-go-v2/service/s3 v1.92.0 fixed in 1.97.3	—	Not Applicable
CVE-2026-46680	NONE0	github.com/containerd/containerd v1.7.29 fixed in 1.7.32	—	Not Applicable
CVE-2026-46680	NONE0	github.com/containerd/containerd/v2 v2.2.0 fixed in 2.0.9, 2.2.4, 2.3.1	—	Not Applicable
CVE-2026-41567	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-41568	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-44973	NONE0	github.com/go-git/go-billy/v5 v5.6.2 fixed in 5.9.0	0.3% Theoretical Threat	Not Applicable
CVE-2026-44740	NONE0	github.com/go-git/go-billy/v5 v5.6.2 fixed in 5.9.0	0.3% Theoretical Threat	Not Applicable
CVE-2026-45571	NONE0	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.19.1	0.3% Theoretical Threat	Not Applicable
GHSA-w5pp-99ch-qj29	NONE0	github.com/go-git/go-git/v5 v5.16.4 fixed in 5.19.1	—	Not Applicable
GHSA-pmwq-pjrm-6p5r	NONE0	github.com/in-toto/in-toto-golang v0.9.0 fixed in 0.11.0	—	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.38.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable