This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit critical XXE (CVE-2025-66516) to read sensitive files or make malicious requests to internal resources, or use HTTP request smuggling (CVE-2026-42581) to bypass security controls and hijack requests. Note that CVE-2024-37371 (Kerberos) is only relevant if Kerberos authentication is enabled. Despite being an official Docker image, the sheer volume and severity of exposed vulnerabilities make it unacceptable for production use.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-66516 | CRITICAL10 | org.apache.tika:tika-core 2.7.0 fixed in 3.2.2 | 79.8% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2025-66516 | CRITICAL10 | org.apache.tika:tika-parser-pdf-module 2.7.0 fixed in 3.2.2 | 79.8% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2025-54988 | CRITICAL9.4 | org.apache.tika:tika-parser-pdf-module 2.7.0 fixed in 3.2.2 | 3.0% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2024-7254 | HIGH7.5 | com.google.protobuf:protobuf-java 3.21.9 fixed in 3.25.5, 4.27.5, 4.28.2 | 2.8% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2025-24970 | HIGH7.5 | io.netty:netty-handler 4.1.94.Final fixed in 4.1.118.Final | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-1370 | HIGH7.5 | net.minidev:json-smart 2.4.8 fixed in 2.4.9 | 1.1% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2024-37371 | HIGH7.28 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-29857 | MEDIUM6.5 | org.bouncycastle:bc-fips 1.0.2.4 fixed in 1.0.2.5 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29857 | MEDIUM6.5 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.78 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.13.4 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2023-52428 | MEDIUM6.38 | com.nimbusds:nimbus-jose-jwt 9.23 fixed in 9.37.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-7962 | MEDIUM6.38 | com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-7962 | MEDIUM6.38 | com.sun.mail:jakarta.mail 1.6.4 fixed in 1.6.8, 2.0.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM6.38 | io.netty:netty-codec 4.1.94.Final fixed in 4.1.125.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-58056 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.1.125.Final, 4.2.5.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.2.4.Final, 4.1.124.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.1.94.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45292 | MEDIUM6.38 | io.opentelemetry:opentelemetry-api 1.31.0 fixed in 1.62.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34479 | MEDIUM6.38 | org.apache.logging.log4j:log4j-1.2-api 2.19.0 fixed in 2.25.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.12.4 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-34480 | MEDIUM6.38 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.76 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-30172 | MEDIUM6.38 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.78 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-43709 | MEDIUM6.38 | org.elasticsearch:elasticsearch 8.13.0 fixed in 7.17.21, 8.13.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-52979 | MEDIUM6.38 | org.elasticsearch:elasticsearch 8.13.0 fixed in 7.17.25, 8.16.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-52981 | MEDIUM6.38 | org.elasticsearch:elasticsearch 8.13.0 fixed in 7.17.24, 8.15.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66566 | MEDIUM6.38 | org.lz4:lz4-java 1.8.0 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-37731 | MEDIUM6.29 | org.elasticsearch:elasticsearch 8.13.0 fixed in 8.19.8, 9.1.8, 9.2.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM5.9 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-4741 | MEDIUM5.6 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.8.Final, 4.1.129.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-68384 | MEDIUM5.52 | org.elasticsearch.plugin:x-pack-security 8.13.0 fixed in 8.19.9, 9.1.9, 9.2.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-12183 | MEDIUM5.52 | org.lz4:lz4-java 1.8.0 fixed in 1.8.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-33600 | MEDIUM5.3 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33600 | MEDIUM5.3 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12243 | MEDIUM5.3 | libgnutls30 3.6.13-2ubuntu1.11 fixed in 3.6.13-2ubuntu1.12 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12133 | MEDIUM5.3 | libtasn1-6 4.16.0-2 fixed in 4.16.0-2ubuntu0.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29025 | MEDIUM5.3 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.1.108.Final | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-21742 | MEDIUM5.3 | org.apache.james:apache-mime4j-core 0.8.9 fixed in 0.8.10 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-22227 | MEDIUM5.18 | io.projectreactor.netty:reactor-netty-http 1.0.39 fixed in 1.3.0-M5, 1.2.8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.12.4 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34477 | MEDIUM5.02 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-30171 | MEDIUM5.02 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.78 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-53864 | MEDIUM4.93 | com.nimbusds:nimbus-jose-jwt 9.23 fixed in 10.0.2, 9.37.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-37727 | MEDIUM4.84 | org.elasticsearch:elasticsearch 8.13.0 fixed in 8.18.8, 8.19.5, 9.0.8, 9.1.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-2511 | MEDIUM4.81 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 54.0% Actively Exploited | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-29088 | MEDIUM4.67 | libsqlite3-0 3.31.1-4ubuntu0.6 fixed in 3.31.1-4ubuntu0.7 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM4.67 | io.netty:netty-common 4.1.94.Final fixed in 4.1.115.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM4.67 | io.netty:netty-common 4.1.94.Final fixed in 4.1.118.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-25710 | MEDIUM4.67 | org.apache.commons:commons-compress 1.24.0 fixed in 1.26.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-26308 | MEDIUM4.67 | org.apache.commons:commons-compress 1.24.0 fixed in 1.26.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-8885 | MEDIUM4.5 | org.bouncycastle:bc-fips 1.0.2.4 fixed in 1.0.2.6, 2.0.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-8916 | MEDIUM4.5 | org.bouncycastle:bcpkix-jdk18on 1.76 fixed in 1.79 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-34447 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.78 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-8885 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk18on 1.76 fixed in 1.78 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-31672 | MEDIUM4.4 | org.apache.poi:poi-ooxml 5.2.3 fixed in 5.4.0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-47554 | MEDIUM4.3 | commons-io:commons-io 2.11.0 fixed in 2.14.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-68390 | MEDIUM4.17 | org.elasticsearch.plugin:x-pack-core 8.13.0 fixed in 8.19.8, 9.1.8, 9.2.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45674 | MEDIUM4.08 | io.netty:netty-resolver-dns 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM4.08 | io.netty:netty-resolver-dns 4.1.94.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.12.4 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-68161 | MEDIUM4.08 | org.apache.logging.log4j:log4j-core 2.19.0 fixed in 2.25.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-33601 | MEDIUM4 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33601 | MEDIUM4 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-2511 | LOW3.85 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 54.0% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2024-3596 | LOW3.73 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2026-42579 | LOW3.71 | io.netty:netty-codec-dns 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2026-42584 | LOW3.71 | io.netty:netty-codec-http 4.1.94.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.3% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2024-9143 | LOW3.7 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.12.0 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.9 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33602 | LOW3.4 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-33602 | LOW3.4 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-33599 | LOW2.74 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2024-33599 | LOW2.74 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23 | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23 | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2024-13176 | LOW2.4 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2024-9143 | LOW2.22 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW2.12 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW2.12 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-5535 | LOW2.12 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 5.6% Low-Moderate Risk | Post-Exploit |
| CVE-2024-4741 | LOW2.02 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 2.9% Low-Moderate Risk | Post-Exploit |
| CVE-2024-8096 | LOW1.99 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2024-8096 | LOW1.99 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2025-30258 | NONE0 | gpgv 2.2.19-3ubuntu2.2 fixed in 2.2.19-3ubuntu2.4 | 0.2% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.13.4 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec 4.1.94.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Not Applicable |
| GHSA-xpw8-rcwv-8f8p | NONE0 | io.netty:netty-codec-http2 4.1.94.Final fixed in 4.1.100.Final | — | Not Applicable |
| CVE-2024-52980 | NONE0 | org.elasticsearch:elasticsearch 8.13.0 fixed in 8.15.1 | 0.4% Theoretical Threat | Not Applicable |