Vulnerability Reportgoharbor/harbor-core:v2.14.2

goharbor/harbor-core:v2.14.2goharbor/harbor-core:v2.14.2-rc2goharbor/harbor-core:v2.14.2-dev

DIGESTsha256:3966507a3a63e2eae2c03145f52120f86f7e72645b41e5a5783672d9a32db428

Executive Summary

Threat ScoreDANGEROUS• CVE-2026-33186 (severity 7.73) is an exposed, high-importance vulnerability enabling authorization bypass in gRPC; requires urgent patching.• Total of 84 exposed vulnerabilities, including 19 with severity ≥6.0, indicating a broad attack surface.• CVE-2025-61726 (severity 6.38) and CVE-2026-25679 (severity 6.38) are directly reachable via HTTP, leading to denial of service.

75/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (27M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could bypass gRPC authorization via malformed HTTP/2 paths (CVE-2026-33186), gaining unauthorized access to sensitive methods. Additionally, denial-of-service attacks through crafted query parameters (CVE-2025-61726) or malformed IPv6 URLs (CVE-2026-25679) are directly exploitable due to the container's exposed web surface. Note that some vulnerabilities (e.g., CVE-2026-41889) require non-default configurations, but the critical issues are reachable under default setups.

Vulnerabilities

Vulnerability Log

177 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33186	HIGH7.73	google.golang.org/grpc v1.69.4 fixed in 1.79.3	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-68121	MEDIUM6.8	stdlib v1.24.11 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-41889	MEDIUM6.66	github.com/jackc/pgx/v4 v4.18.3 No fix yet	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45186	MEDIUM6.38	expat-libs 2.7.3-1.ph5 fixed in 2.8.1-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-35172	MEDIUM6.38	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.0.5 fixed in 4.1.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32286	MEDIUM6.38	github.com/jackc/pgproto3/v2 v2.3.3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.24.11 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32280	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc 2.36-20.ph5 fixed in 2.36-23.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-libs 2.36-20.ph5 fixed in 2.36-23.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41888	MEDIUM5.52	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.7% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	expat-libs 2.7.3-1.ph5 fixed in 2.7.5-1.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.13-5.ph5 fixed in 1.3.2-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.24.11 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.24.11 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc 2.36-20.ph5 fixed in 2.36-23.1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-libs 2.36-20.ph5 fixed in 2.36-23.1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.4.0-5.ph5 fixed in 5.4.0-6.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.40.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.40.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.24.11 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.36-20.ph5 fixed in 2.43-3.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.36-20.ph5 fixed in 2.43-3.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-libs 2.36-20.ph5 fixed in 2.43-3.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-libs 2.36-20.ph5 fixed in 2.43-3.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5773	LOW3.82	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW3.82	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW3.82	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW3.77	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69419	LOW3.77	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4438	LOW3.4	glibc 2.36-20.ph5 fixed in 2.36-23.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-libs 2.36-20.ph5 fixed in 2.36-23.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Directly Exposed
CVE-2025-14524	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41080	LOW3.15	expat-libs 2.7.3-1.ph5 fixed in 2.8.0-1.ph5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-10966	LOW3.01	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-10966	LOW3.01	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-69420	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-31790	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	1.0% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15468	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.7% Theoretical Threat	Post-Exploit
CVE-2025-66199	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-22796	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-2781	LOW3	nss-libs 3.78-11.ph5 fixed in 3.78-12.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	curl 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2025-15469	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22795	LOW2.8	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	sqlite-libs 3.43.2-5.ph5 fixed in 3.43.2-6.ph5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7598	LOW2.78	libssh2 1.11.0-4.ph5 fixed in 1.11.1-3.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32952	LOW2.7	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 fixed in 0.1.1	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-4873	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7009	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.19.0-2.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7009	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33540	LOW2.63	github.com/distribution/distribution v2.8.2+incompatible No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	LOW2.55	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	glibc 2.36-20.ph5 fixed in 2.36-22.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0861	LOW2.48	glibc-libs 2.36-20.ph5 fixed in 2.36-22.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.6% Theoretical Threat	Post-Exploit
CVE-2025-15558	LOW2.45	github.com/docker/cli v27.1.1+incompatible fixed in 29.2.0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl-libs 8.16.0-1.ph5 fixed in 8.18.0-1.ph5	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68160	LOW2.4	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2026-25210	LOW2.39	expat-libs 2.7.3-1.ph5 fixed in 2.7.4-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28390	LOW2.29	openssl-libs 3.0.18-1.ph5 fixed in 3.0.18-3.ph5	0.8% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.24.11 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2026-35206	LOW2.24	helm.sh/helm/v3 v3.18.5 fixed in 3.20.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	expat-libs 2.7.3-1.ph5 fixed in 2.7.4-1.ph5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.24.11 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW2.04	openssl 3.0.18-1.ph5 fixed in 3.0.18-2.ph5	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	ncurses-libs 6.5-1.ph5 fixed in 6.5-2.ph5	0.4% Theoretical Threat	Not Applicable
BDSA-2026-9096	NONE0	curl 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	—	Not Applicable
BDSA-2026-9096	NONE0	curl-libs 8.16.0-1.ph5 fixed in 8.20.0-1.ph5	—	Not Applicable
BDSA-2026-9020	NONE0	libssh2 1.11.0-4.ph5 fixed in 1.11.1-3.ph5	—	Not Applicable
CVE-2026-42765	NONE0	openssl 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	openssl-libs 3.0.18-1.ph5 fixed in 3.5.7-1.ph5	0.4% Theoretical Threat	Not Applicable
CVE-2025-24358	NONE0	github.com/gorilla/csrf v1.7.2 fixed in 1.7.3	0.3% Theoretical Threat	Not Applicable
CVE-2025-47909	NONE0	github.com/gorilla/csrf v1.7.2 No fix yet	0.2% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.35.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.11 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.11 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.11 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.11 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable