Vulnerability Reportcheckmarx/kics:v2.1.14

checkmarx/kics:v2.1.14

DIGESTsha256:2fe5248ddf05efa9131634cd660ebe72803aea5ae485fdd44ab18ccab2a04b45

Executive Summary

Threat ScoreCAUTION• Contains 38 exposed vulnerabilities with severity ≥6.0 (max 6.8), far exceeding the threshold for CAUTION.• Notable CVEs include CVE-2025-68121 (TLS session resumption bypass, severity 6.8) requiring non-default config mutation; and multiple OpenSSL DoS vulnerabilities (e.g., CVE-2025-69421, CVE-2026-28386) requiring specific conditions.• Image is from a popular community publisher (9M+ pulls) and pinned by digest, increasing trust, but vulnerability density remains high.• No high-severity (≥7.0) exposed vulnerabilities found, but the volume of medium-severity issues increases the attack surface.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (9M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The image has 38 exposed medium-severity vulnerabilities, the most impactful being CVE-2025-68121, which could allow TLS certificate validation bypass if the application uses a non-default TLS configuration. Multiple OpenSSL CVEs (e.g., CVE-2025-69421) can lead to denial of service via malformed cryptographic files, a relevant concern for a static analysis tool processing untrusted inputs. Importantly, these vulnerabilities often require specific, non-default conditions (e.g., TLS Config mutation, AVX-512 hardware, delta CRL processing) to be exploitable, and the container's role as a static analysis tool limits exposure. Nonetheless, the high volume of vulnerabilities necessitates targeted remediation and strict input validation.

Vulnerabilities

Vulnerability Log

207 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.25.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28386	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28386	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.0.5 fixed in 4.1.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4660	MEDIUM6.38	github.com/hashicorp/go-getter v1.7.9 fixed in 1.8.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33748	MEDIUM6.38	github.com/moby/buildkit v0.22.0 fixed in 0.28.1	0.5% Theoretical Threat	Directly Exposed
CVE-2025-47913	MEDIUM6.38	golang.org/x/crypto v0.41.0 fixed in 0.43.0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39829	MEDIUM6.38	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39830	MEDIUM6.38	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	golang.org/x/net v0.42.0 fixed in 0.53.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM6.38	stdlib v1.25.1 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58183	MEDIUM6.38	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42508	MEDIUM6.29	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-46595	MEDIUM6.03	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libcrypto3 3.5.2-r1 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libssl3 3.5.2-r1 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libcrypto3 3.5.2-r1 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libssl3 3.5.2-r1 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-39821	MEDIUM5.58	golang.org/x/net v0.42.0 fixed in 0.55.0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-4437	MEDIUM5.52	glibc 2.42-r0 fixed in 2.43-r4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-locale-posix 2.42-r0 fixed in 2.43-r4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	ld-linux 2.42-r0 fixed in 2.43-r4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	libcrypt1 2.42-r0 fixed in 2.43-r4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.2-r1 fixed in 3.6.1-r3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.2-r1 fixed in 3.6.1-r3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-35469	MEDIUM5.52	github.com/moby/spdystream v0.5.0 fixed in 0.5.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.25.1 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc 2.42-r0 fixed in 2.42-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc-locale-posix 2.42-r0 fixed in 2.42-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	ld-linux 2.42-r0 fixed in 2.42-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	libcrypt1 2.42-r0 fixed in 2.42-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.2-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r51 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-64329	MEDIUM4.67	github.com/containerd/containerd v1.7.28 fixed in 1.7.29	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc 2.42-r0 fixed in 2.42-r6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc 2.42-r0 fixed in 2.43-r6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc-locale-posix 2.42-r0 fixed in 2.42-r6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-locale-posix 2.42-r0 fixed in 2.43-r6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	ld-linux 2.42-r0 fixed in 2.42-r6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	ld-linux 2.42-r0 fixed in 2.43-r6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	libcrypt1 2.42-r0 fixed in 2.42-r6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	libcrypt1 2.42-r0 fixed in 2.43-r6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.41.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.41.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-46598	MEDIUM4.5	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47911	MEDIUM4.5	golang.org/x/net v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58190	MEDIUM4.5	golang.org/x/net v0.42.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.42-r0 fixed in 2.43-r7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.42-r0 fixed in 2.43-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-locale-posix 2.42-r0 fixed in 2.43-r7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-locale-posix 2.42-r0 fixed in 2.43-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	ld-linux 2.42-r0 fixed in 2.43-r7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	ld-linux 2.42-r0 fixed in 2.43-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libcrypt1 2.42-r0 fixed in 2.43-r7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libcrypt1 2.42-r0 fixed in 2.43-r7	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.2-r1 fixed in 3.6.1-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2023-39810	LOW3.98	busybox 1.37.0-r50 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26157	LOW3.57	busybox 1.37.0-r50 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26158	LOW3.57	busybox 1.37.0-r50 fixed in 1.37.0-r58	0.2% Theoretical Threat	Post-Exploit
CVE-2025-68119	LOW3.42	git-lfs 3.7.0-r2 fixed in 3.7.1-r3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4438	LOW3.4	glibc 2.42-r0 fixed in 2.43-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-locale-posix 2.42-r0 fixed in 2.43-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	ld-linux 2.42-r0 fixed in 2.43-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	libcrypt1 2.42-r0 fixed in 2.43-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.5.2-r1 fixed in 3.6.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.2-r1 fixed in 3.6.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	libcrypto3 3.5.2-r1 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-9232	LOW3.1	libssl3 3.5.2-r1 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-68121	LOW3.06	git-lfs 3.7.0-r2 fixed in 3.7.1-r4	0.8% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-33747	LOW3	github.com/moby/buildkit v0.22.0 fixed in 0.28.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.2-r1 fixed in 3.6.3-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33186	LOW2.78	google.golang.org/grpc v1.72.1 fixed in 1.79.3	0.5% Theoretical Threat	Post-Exploit
CVE-2025-60876	LOW2.75	busybox 1.37.0-r50 fixed in 1.37.0-r52	0.3% Theoretical Threat	Post-Exploit
CVE-2025-47914	LOW2.7	git-lfs 3.7.0-r2 fixed in 3.7.1-r1	0.5% Theoretical Threat	Post-Exploit
CVE-2025-58181	LOW2.7	git-lfs 3.7.0-r2 fixed in 3.7.1-r1	0.5% Theoretical Threat	Post-Exploit
CVE-2025-61730	LOW2.7	git-lfs 3.7.0-r2 fixed in 3.7.1-r3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27140	LOW2.69	git-lfs 3.7.0-r2 fixed in 3.7.1-r14	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-61731	LOW2.63	git-lfs 3.7.0-r2 fixed in 3.7.1-r3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	glibc 2.42-r0 fixed in 2.42-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	glibc-locale-posix 2.42-r0 fixed in 2.42-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	ld-linux 2.42-r0 fixed in 2.42-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	libcrypt1 2.42-r0 fixed in 2.42-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.2-r1 fixed in 3.6.2-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.2-r1 fixed in 3.6.2-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2024-25621	LOW2.39	github.com/containerd/containerd v1.7.28 fixed in 1.7.29	0.1% Theoretical Threat	Post-Exploit
CVE-2025-61726	LOW2.29	git-lfs 3.7.0-r2 fixed in 3.7.1-r3	0.8% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	git-lfs 3.7.0-r2 fixed in 3.7.1-r14	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	git-lfs 3.7.0-r2 fixed in 3.7.1-r14	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32283	LOW2.29	git-lfs 3.7.0-r2 fixed in 3.7.1-r14	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	git-lfs 3.7.0-r2 fixed in 3.7.1-r12	0.6% Theoretical Threat	Post-Exploit
CVE-2025-61732	LOW2.26	git-lfs 3.7.0-r2 fixed in 3.7.1-r4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-35206	LOW2.24	helm.sh/helm/v3 v3.19.0 fixed in 3.20.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32631	NONE0	git 2.51.0-r1 fixed in 2.54.0-r0	0.3% Theoretical Threat	Not Applicable
CVE-2026-35188	NONE0	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	libcrypto3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Not Applicable
CVE-2026-35188	NONE0	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	libssl3 3.5.2-r1 fixed in 3.6.3-r0	0.4% Theoretical Threat	Not Applicable
CVE-2026-46680	NONE0	github.com/containerd/containerd v1.7.28 fixed in 1.7.32	—	Not Applicable
CVE-2026-53488	NONE0	github.com/containerd/containerd v1.7.28 fixed in 1.7.33	—	Not Applicable
CVE-2026-47262	NONE0	github.com/containerd/containerd v1.7.28 fixed in 1.7.33	—	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39827	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.41.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.42.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.42.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.42.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.42.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.42.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.35.0 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable