This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit TLS certificate validation bypass during session resumption (CVE-2025-68121) or achieve remote command execution via crafted SSH Git URLs (CVE-2026-45570). These vulnerabilities are partially mitigated by requiring non-default configurations (TLS cloning, SSH transport with malicious paths) and can be further contained by network policies and restricting Git sources. Note that the highest severity findings are all under 7.0, and the image has a high community reputation, but the volume of medium-severity issues demands remediation before use in production.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-15558 | MEDIUM6.8 | github.com/docker/cli v29.1.5+incompatible fixed in 29.2.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-40200 | MEDIUM6.63 | musl 1.2.5-r21 fixed in 1.2.5-r23 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45570 | MEDIUM6.53 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.19.1 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-28388 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45022 | MEDIUM6.38 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.19.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-29181 | MEDIUM6.38 | go.opentelemetry.io/otel v1.38.0 fixed in 1.41.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.50.0 fixed in 0.53.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.8, 1.26.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27137 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.26.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-29181 | MEDIUM6.38 | go.opentelemetry.io/otel v1.36.0 fixed in 1.41.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.47.0 fixed in 0.53.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61726 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.24.12, 1.25.6 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.8, 1.26.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.25.5 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41506 | MEDIUM6.29 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.18.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39821 | MEDIUM5.58 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-33810 | MEDIUM5.58 | stdlib v1.26.0 fixed in 1.26.2 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-39821 | MEDIUM5.58 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-2673 | MEDIUM5.52 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-35469 | MEDIUM5.52 | github.com/moby/spdystream v0.5.0 fixed in 0.5.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl 1.2.5-r21 fixed in 1.2.5-r22 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.26.0 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.25.5 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.26.0 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.25.5 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27141 | MEDIUM4.5 | golang.org/x/net v0.50.0 fixed in 0.51.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.26.0 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.25.5 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.25.5 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34165 | MEDIUM4.25 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.17.1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40200 | LOW3.98 | musl-utils 1.2.5-r21 fixed in 1.2.5-r23 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-35206 | LOW3.74 | helm.sh/helm/v4 v4.1.1 fixed in 4.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32952 | LOW3.6 | github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 fixed in 0.1.1 | 1.0% Low-Moderate Risk | Post-ExploitContext importance: MEDIUM |
| CVE-2026-45446 | LOW3.15 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27138 | LOW3.15 | stdlib v1.26.0 fixed in 1.26.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | LOW3 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1229 | LOW3 | github.com/cloudflare/circl v1.6.1 fixed in 1.6.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-6042 | LOW2.8 | musl-utils 1.2.5-r21 fixed in 1.2.5-r22 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-33186 | LOW2.78 | google.golang.org/grpc v1.78.0 fixed in 1.79.3 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-35204 | LOW2.63 | helm.sh/helm/v4 v4.1.1 fixed in 4.1.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-22184 | LOW2.39 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-35205 | LOW2.39 | helm.sh/helm/v4 v4.1.1 fixed in 4.1.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-33762 | LOW2.38 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.17.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27139 | LOW2.12 | stdlib v1.26.0 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27139 | LOW2.12 | stdlib v1.25.5 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44973 | NONE0 | github.com/go-git/go-billy/v5 v5.7.0 fixed in 5.9.0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-44740 | NONE0 | github.com/go-git/go-billy/v5 v5.7.0 fixed in 5.9.0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-45571 | NONE0 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.19.1 | 0.3% Theoretical Threat | Not Applicable |
| GHSA-w5pp-99ch-qj29 | NONE0 | github.com/go-git/go-git/v5 v5.16.5 fixed in 5.19.1 | — | Not Applicable |
| CVE-2026-39827 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39835 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-46597 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39831 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39832 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39833 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39834 | NONE0 | golang.org/x/crypto v0.48.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-25680 | NONE0 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-25681 | NONE0 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27136 | NONE0 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42502 | NONE0 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42506 | NONE0 | golang.org/x/net v0.50.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.41.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.26.0 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.26.0 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.26.0 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-25680 | NONE0 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-25681 | NONE0 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-27136 | NONE0 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42502 | NONE0 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42506 | NONE0 | golang.org/x/net v0.47.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.38.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.25.5 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.25.5 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.25.5 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |