Vulnerability Reportgoharbor/harbor-core:v2.14.1

goharbor/harbor-core:v2.14.1goharbor/harbor-core:v2.14.1-rc2

DIGESTsha256:9c16d47ff207e7c83ba4b411eb02f6d919948118d8824b0d359711edeca55823

Executive Summary

Threat ScoreDANGEROUS• One critical vulnerability CVE-2025-15467 (CVSS 8.0) in openssl-libs could allow remote code execution via crafted CMS messages.• 26 high-severity (≥6.0) vulnerabilities are exposed on the attack surface, increasing the likelihood of exploitation.• A total of 103 exposed vulnerabilities indicates a significant patch backlog despite the image's popularity (27M+ pulls).• The image is pinned by digest, meaning it will not receive automatic updates to fix these flaws.

75/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (27M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2025-15467 to achieve remote code execution or cause a denial of service. Note that this vulnerability requires processing of crafted CMS messages, which may not be a default operation for Harbor core, but the potential impact is severe. Additionally, over 100 vulnerabilities are present, many of which are high severity, making this image unsuitable for deployment until all critical issues are remediated.

Vulnerabilities

Vulnerability Log

180 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-15467	HIGH8	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	48.7% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-68121	MEDIUM6.8	stdlib v1.24.10 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41889	MEDIUM6.66	github.com/jackc/pgx/v4 v4.18.3 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-45186	MEDIUM6.38	expat-libs 2.7.3-1.ph5 fixed in 2.8.1-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-35172	MEDIUM6.38	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.0.5 fixed in 4.1.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32286	MEDIUM6.38	github.com/jackc/pgproto3/v2 v2.3.3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.24.10 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-61729	MEDIUM6.38	stdlib v1.24.10 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33186	MEDIUM6.18	google.golang.org/grpc v1.69.4 fixed in 1.79.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32952	MEDIUM6	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 fixed in 0.1.1	1.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc 2.36-20.ph5 fixed in 2.36-23.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-libs 2.36-20.ph5 fixed in 2.36-23.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41888	MEDIUM5.52	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.24.10 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM5.1	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-15281	MEDIUM5.02	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.7% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2781	MEDIUM5	nss-libs 3.78-11.ph5 fixed in 3.78-12.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.13-4.ph5 fixed in 1.3.2-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.24.10 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM4.64	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.24.10 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc 2.36-20.ph5 fixed in 2.36-23.1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-libs 2.36-20.ph5 fixed in 2.36-23.1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.4.0-5.ph5 fixed in 5.4.0-6.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.40.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.40.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.24.10 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.36-20.ph5 fixed in 2.43-3.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.36-20.ph5 fixed in 2.43-3.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-libs 2.36-20.ph5 fixed in 2.43-3.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-libs 2.36-20.ph5 fixed in 2.43-3.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-0861	MEDIUM4.13	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0861	MEDIUM4.13	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM4.13	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-6020	LOW3.98	Linux-PAM 1.5.3-10.ph5 fixed in 1.5.3-11.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-25210	LOW3.98	expat-libs 2.7.3-1.ph5 fixed in 2.7.4-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-61728	LOW3.83	stdlib v1.24.10 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-5773	LOW3.82	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW3.82	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW3.77	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW3.77	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-35206	LOW3.74	helm.sh/helm/v3 v3.18.5 fixed in 3.20.2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-13034	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4438	LOW3.4	glibc 2.36-20.ph5 fixed in 2.36-23.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-libs 2.36-20.ph5 fixed in 2.36-23.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2025-14524	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41080	LOW3.15	expat-libs 2.7.3-1.ph5 fixed in 2.8.0-1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-10966	LOW3.01	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-10966	LOW3.01	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69420	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-31790	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	1.0% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15468	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2025-66199	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-22796	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15469	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22795	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	sqlite-libs 3.43.2-5.ph5 fixed in 3.43.2-6.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7598	LOW2.78	libssh2 1.11.0-4.ph5 fixed in 1.11.1-3.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7009	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7009	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33540	LOW2.63	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	LOW2.55	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2025-15558	LOW2.45	github.com/docker/cli v27.1.1+incompatible fixed in 29.2.0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68160	LOW2.4	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.9% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	expat-libs 2.7.3-1.ph5 fixed in 2.7.4-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.24.10 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW2.04	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	ncurses-libs 6.5-1.ph5 fixed in 6.5-2.ph5	0.4% Theoretical Threat	Not Applicable
BDSA-2026-9096	NONE0	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	—	Not Applicable
BDSA-2026-9096	NONE0	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	—	Not Applicable
BDSA-2026-9020	NONE0	libssh2 1.11.0-4.ph5 fixed in 1.11.1-3.ph5	—	Not Applicable
CVE-2026-42765	NONE0	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Not Applicable
CVE-2025-24358	NONE0	github.com/gorilla/csrf v1.7.2 fixed in 1.7.3	0.3% Theoretical Threat	Not Applicable
CVE-2025-47909	NONE0	github.com/gorilla/csrf v1.7.2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.10 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.10 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.10 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.10 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable