This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The most critical vulnerability, CVE-2026-39828 (severity 7.48), could allow unauthorized command execution via SSH if the application acts as an SSH server with partial authentication callbacks, but KICS is a static analysis tool and likely does not expose SSH functionality, reducing the immediate risk. Multiple OpenSSL denial-of-service vulnerabilities (e.g., CVE-2025-69421) require processing attacker-controlled PKCS#12 files or non-default TLS configurations, which are uncommon in KICS's typical use. While the high volume of vulnerabilities (155 total, 37 with severity ≥6) warrants caution, the image's reputation and the context-specific exploitability of top findings suggest that with careful network isolation and input validation, the risk can be managed.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-39828 | HIGH7.48 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.25.4 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-69421 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28386 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-69421 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28386 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34986 | MEDIUM6.38 | github.com/go-jose/go-jose/v4 v4.1.2 fixed in 4.1.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4660 | MEDIUM6.38 | github.com/hashicorp/go-getter v1.8.1 fixed in 1.8.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33748 | MEDIUM6.38 | github.com/moby/buildkit v0.26.0 fixed in 0.28.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-29181 | MEDIUM6.38 | go.opentelemetry.io/otel v1.38.0 fixed in 1.41.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.46.0 fixed in 0.53.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.8, 1.26.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.25.4 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39883 | MEDIUM5.95 | go.opentelemetry.io/otel/sdk v1.38.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39821 | MEDIUM5.58 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM5.52 | glibc 2.42-r4 fixed in 2.43-r4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | glibc-locale-posix 2.42-r4 fixed in 2.43-r4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | ld-linux 2.42-r4 fixed in 2.43-r4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4437 | MEDIUM5.52 | libcrypt1 2.42-r4 fixed in 2.43-r4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libssl3 3.6.0-r3 fixed in 3.6.1-r3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-35469 | MEDIUM5.52 | github.com/moby/spdystream v0.5.0 fixed in 0.5.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.25.4 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-11187 | MEDIUM5.18 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-11187 | MEDIUM5.18 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-61726 | MEDIUM5.1 | stdlib v1.25.4 fixed in 1.24.12, 1.25.6 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-15281 | MEDIUM5.02 | glibc 2.42-r4 fixed in 2.42-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM5.02 | glibc-locale-posix 2.42-r4 fixed in 2.42-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM5.02 | ld-linux 2.42-r4 fixed in 2.42-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-15281 | MEDIUM5.02 | libcrypt1 2.42-r4 fixed in 2.42-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-15469 | MEDIUM4.67 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-15469 | MEDIUM4.67 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.3.1-r51 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.25.4 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.25.4 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0915 | MEDIUM4.5 | glibc 2.42-r4 fixed in 2.42-r6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | glibc 2.42-r4 fixed in 2.43-r6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0915 | MEDIUM4.5 | glibc-locale-posix 2.42-r4 fixed in 2.42-r6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | glibc-locale-posix 2.42-r4 fixed in 2.43-r6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0915 | MEDIUM4.5 | ld-linux 2.42-r4 fixed in 2.42-r6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | ld-linux 2.42-r4 fixed in 2.43-r6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0915 | MEDIUM4.5 | libcrypt1 2.42-r4 fixed in 2.42-r6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-4046 | MEDIUM4.5 | libcrypt1 2.42-r4 fixed in 2.43-r6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.43.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.43.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.25.4 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.25.4 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc 2.42-r4 fixed in 2.43-r7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc 2.42-r4 fixed in 2.43-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc-locale-posix 2.42-r4 fixed in 2.43-r7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc-locale-posix 2.42-r4 fixed in 2.43-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | ld-linux 2.42-r4 fixed in 2.43-r7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | ld-linux 2.42-r4 fixed in 2.43-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | libcrypt1 2.42-r4 fixed in 2.43-r7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | libcrypt1 2.42-r4 fixed in 2.43-r7 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-15467 | MEDIUM4.06 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 48.7% High Exploitation Risk | Post-Exploit |
| CVE-2025-15467 | MEDIUM4.06 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 48.7% High Exploitation Risk | Post-Exploit |
| CVE-2025-68160 | MEDIUM4 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68160 | MEDIUM4 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-39810 | LOW3.98 | busybox 1.37.0-r50 fixed in 1.37.0-r58 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-35206 | LOW3.74 | helm.sh/helm/v3 v3.19.0 fixed in 3.20.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-26157 | LOW3.57 | busybox 1.37.0-r50 fixed in 1.37.0-r58 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-26158 | LOW3.57 | busybox 1.37.0-r50 fixed in 1.37.0-r58 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-68119 | LOW3.42 | git-lfs 3.7.1-r0 fixed in 3.7.1-r3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-4438 | LOW3.4 | glibc 2.42-r4 fixed in 2.43-r4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | glibc-locale-posix 2.42-r4 fixed in 2.43-r4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | ld-linux 2.42-r4 fixed in 2.43-r4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libcrypt1 2.42-r4 fixed in 2.43-r4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libcrypto3 3.6.0-r3 fixed in 3.6.1-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libssl3 3.6.0-r3 fixed in 3.6.1-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68121 | LOW3.06 | git-lfs 3.7.1-r0 fixed in 3.7.1-r4 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-33747 | LOW3 | github.com/moby/buildkit v0.26.0 fixed in 0.28.1 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-33186 | LOW2.78 | google.golang.org/grpc v1.76.0 fixed in 1.79.3 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-60876 | LOW2.75 | busybox 1.37.0-r50 fixed in 1.37.0-r52 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-47914 | LOW2.7 | git-lfs 3.7.1-r0 fixed in 3.7.1-r1 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-58181 | LOW2.7 | git-lfs 3.7.1-r0 fixed in 3.7.1-r1 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-61730 | LOW2.7 | git-lfs 3.7.1-r0 fixed in 3.7.1-r3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-27140 | LOW2.69 | git-lfs 3.7.1-r0 fixed in 3.7.1-r14 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-61731 | LOW2.63 | git-lfs 3.7.1-r0 fixed in 3.7.1-r3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-0861 | LOW2.48 | glibc 2.42-r4 fixed in 2.42-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-0861 | LOW2.48 | glibc-locale-posix 2.42-r4 fixed in 2.42-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-0861 | LOW2.48 | ld-linux 2.42-r4 fixed in 2.42-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-0861 | LOW2.48 | libcrypt1 2.42-r4 fixed in 2.42-r6 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libcrypto3 3.6.0-r3 fixed in 3.6.2-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libssl3 3.6.0-r3 fixed in 3.6.2-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-61726 | LOW2.29 | git-lfs 3.7.1-r0 fixed in 3.7.1-r3 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-32280 | LOW2.29 | git-lfs 3.7.1-r0 fixed in 3.7.1-r14 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-32281 | LOW2.29 | git-lfs 3.7.1-r0 fixed in 3.7.1-r14 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-32283 | LOW2.29 | git-lfs 3.7.1-r0 fixed in 3.7.1-r14 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-33814 | LOW2.29 | git-lfs 3.7.1-r0 fixed in 3.7.1-r12 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-61732 | LOW2.26 | git-lfs 3.7.1-r0 fixed in 3.7.1-r4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-27139 | LOW2.12 | stdlib v1.25.4 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32631 | NONE0 | git 2.51.2-r0 fixed in 2.54.0-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-35188 | NONE0 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42765 | NONE0 | libcrypto3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-35188 | NONE0 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42765 | NONE0 | libssl3 3.6.0-r3 fixed in 3.6.3-r0 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-xmrv-pmrh-hhx2 | NONE0 | github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 fixed in 1.7.8 | — | Not Applicable |
| GHSA-xmrv-pmrh-hhx2 | NONE0 | github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 fixed in 1.97.3 | — | Not Applicable |
| CVE-2026-46680 | NONE0 | github.com/containerd/containerd v1.7.29 fixed in 1.7.32 | — | Not Applicable |
| CVE-2026-53488 | NONE0 | github.com/containerd/containerd v1.7.29 fixed in 1.7.33 | — | Not Applicable |
| CVE-2026-47262 | NONE0 | github.com/containerd/containerd v1.7.29 fixed in 1.7.33 | — | Not Applicable |
| CVE-2026-24051 | NONE0 | go.opentelemetry.io/otel/sdk v1.38.0 fixed in 1.40.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39827 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39835 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-46597 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39831 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39832 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39833 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39834 | NONE0 | golang.org/x/crypto v0.43.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-25680 | NONE0 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-25681 | NONE0 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27136 | NONE0 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42502 | NONE0 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42506 | NONE0 | golang.org/x/net v0.46.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.37.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.25.4 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.25.4 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.25.4 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |