Vulnerability Reporthyness/spring-cloud-config-server:jdk19

hyness/spring-cloud-config-server:jdk19
DIGESTsha256:7dc32a746c9dfd2cca1001287581b1889d22d967866f9c6a42c7afac1d8a5f32

Executive Summary

Last scanned:

Threat Score
98/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit Netty HTTP request smuggling (CVE-2026-42581) or Tomcat vulnerabilities (CVE-2025-24813) to execute arbitrary code remotely, bypass access controls, and compromise the entire server. While some issues like CVE-2025-24813 require non-default configurations, many are directly exploitable without any special setup. The high number of critical flaws (33 with severity >=7) and the image's role as a web server make it extremely dangerous.

Vulnerabilities

Vulnerability Log

263 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-42581HIGH8.33
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-22257HIGH8.33
org.springframework.security:spring-security-core
6.0.2
fixed in 5.7.12, 5.8.11, 6.1.8, 6.2.3
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-56337HIGH8.1
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.2, 10.1.34, 9.0.98
8.9%
Low-Moderate Risk
Directly Exposed
CVE-2024-22259HIGH8.1
org.springframework:spring-web
6.0.7
fixed in 6.1.5, 6.0.18, 5.3.33
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-22262HIGH8.1
org.springframework:spring-web
6.0.7
fixed in 5.3.34, 6.0.19, 6.1.6
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-24813HIGH8
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.3, 10.1.35, 9.0.99
99.9%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-20873HIGH7.84
org.springframework.boot:spring-boot-actuator-autoconfigure
3.0.5
fixed in 3.0.6, 2.7.11, 2.6.15, 2.5.15
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-34040HIGH7.8
org.springframework.kafka:spring-kafka
3.0.5
fixed in 2.9.11, 3.0.10
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-28709HIGH7.8
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M5, 10.1.8, 9.0.74
51.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2025-55752HIGH7.8
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.11, 10.1.45, 9.0.109
66.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-44487HIGH7.8
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94
100.0%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2026-42579HIGH7.73
io.netty:netty-codec-dns
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42584HIGH7.73
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-66614HIGH7.73
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.15, 10.1.50, 9.0.113
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-0464HIGH7.5
libssl1.1
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-46120HIGH7.5
com.rabbitmq:amqp-client
5.16.0
fixed in 5.18.0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-33871HIGH7.5
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.1.132.Final, 4.2.11.Final
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-34062HIGH7.5
io.projectreactor.netty:reactor-netty-http
1.1.5
fixed in 1.1.13, 1.0.39
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-46589HIGH7.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96
2.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-34750HIGH7.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M21, 10.1.25, 9.0.90
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-38286HIGH7.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M21, 10.1.25, 9.0.90
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-48989HIGH7.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.10, 10.1.44, 9.0.108
3.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-23672HIGH7.5
org.apache.tomcat.embed:tomcat-embed-websocket
10.1.7
fixed in 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-34053HIGH7.5
org.springframework:spring-webmvc
6.0.7
fixed in 6.0.14
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-34455HIGH7.5
org.xerial.snappy:snappy-java
1.1.8.4
fixed in 1.1.10.1
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-43642HIGH7.5
org.xerial.snappy:snappy-java
1.1.8.4
fixed in 1.1.10.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-34453HIGH7.5
org.xerial.snappy:snappy-java
1.1.8.4
fixed in 1.1.10.1
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-34454HIGH7.5
org.xerial.snappy:snappy-java
1.1.8.4
fixed in 1.1.10.1
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-41723HIGH7.5
golang.org/x/net
v0.2.0
fixed in 0.7.0
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
golang.org/x/net
v0.2.0
fixed in 0.17.0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2024-50379HIGH7.45
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.2, 10.1.34, 9.0.98
43.7%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-38821HIGH7.4
org.springframework.security:spring-security-web
6.0.2
fixed in 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2026-41293HIGH7.3
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-39821MEDIUM6.97
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-24549MEDIUM6.9
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17
23.1%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-48988MEDIUM6.89
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.8, 10.1.42, 9.0.106
54.9%
Actively Exploited
Directly Exposed
CVE-2026-54512MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.14.2
fixed in 2.18.8, 3.1.4, 2.21.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-54513MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.14.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-59250MEDIUM6.88
com.microsoft.sqlserver:mssql-jdbc
11.2.3
fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-59250MEDIUM6.88
com.microsoft.sqlserver:mssql-jdbc
11.2.3.jre17
fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44249MEDIUM6.88
io.netty:netty-handler
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-47838MEDIUM6.88
org.springframework.security:spring-security-web
6.0.2
fixed in 6.5.11
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-34462MEDIUM6.5
io.netty:netty-handler
4.1.90.Final
fixed in 4.1.94.Final
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2026-43512MEDIUM6.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-46701MEDIUM6.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.105, 10.1.41, 11.0.7
2.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-29857MEDIUM6.5
org.bouncycastle:bcprov-jdk15on
1.69
fixed in 1.78
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-34055MEDIUM6.5
org.springframework.boot:spring-boot-actuator
3.0.5
fixed in 2.7.18, 3.0.13, 3.1.6
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-20863MEDIUM6.5
org.springframework:spring-expression
6.0.7
fixed in 6.0.8, 5.3.27, 5.2.24.RELEASE
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-6378MEDIUM6.38
ch.qos.logback:logback-classic
1.4.6
fixed in 1.3.12, 1.4.12, 1.2.13
0.9%
Theoretical Threat
Directly Exposed
CVE-2023-6378MEDIUM6.38
ch.qos.logback:logback-core
1.4.6
fixed in 1.3.12, 1.4.12, 1.2.13
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-52999MEDIUM6.38
com.fasterxml.jackson.core:jackson-core
2.13.2
fixed in 2.15.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-52999MEDIUM6.38
com.fasterxml.jackson.core:jackson-core
2.14.2
fixed in 2.15.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42583MEDIUM6.38
io.netty:netty-codec
4.1.90.Final
fixed in 4.1.133.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58057MEDIUM6.38
io.netty:netty-codec
4.1.90.Final
fixed in 4.1.125.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33870MEDIUM6.38
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.1.132.Final, 4.2.10.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-42585MEDIUM6.38
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-58056MEDIUM6.38
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.1.125.Final, 4.2.5.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-55163MEDIUM6.38
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.2.4.Final, 4.1.124.Final
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-48043MEDIUM6.38
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.1.135.Final, 4.2.15.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-45416MEDIUM6.38
io.netty:netty-handler
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50010MEDIUM6.38
io.netty:netty-handler
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42578MEDIUM6.38
io.netty:netty-handler-proxy
4.1.90.Final
fixed in 4.1.133.Final, 4.2.13.Final
0.7%
Theoretical Threat
Directly Exposed
CVE-2023-34054MEDIUM6.38
io.projectreactor.netty:reactor-netty-core
1.1.5
fixed in 1.1.13, 1.0.39
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-24734MEDIUM6.38
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.18, 10.1.52, 9.0.115
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-5588MEDIUM6.38
org.bouncycastle:bcpkix-jdk15on
1.69
fixed in 1.84
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-66566MEDIUM6.38
org.lz4:lz4-java
1.8.0
No fix yet
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42198MEDIUM6.38
org.postgresql:postgresql
42.5.4
fixed in 42.7.11
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-20883MEDIUM6.38
org.springframework.boot:spring-boot-autoconfigure
3.0.5
fixed in 3.0.7, 2.7.12, 2.6.15, 2.5.15
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-22271MEDIUM6.38
org.springframework.cloud:spring-cloud-function-context
4.0.2
fixed in 4.0.8, 4.1.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-41249MEDIUM6.38
org.springframework:spring-core
6.0.7
fixed in 6.2.11
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-45338MEDIUM6.38
golang.org/x/net
v0.2.0
fixed in 0.33.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.2.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-22228MEDIUM6.29
org.springframework.security:spring-security-crypto
6.0.2
fixed in 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-41080MEDIUM6.1
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-41242MEDIUM5.9
org.springframework:spring-webmvc
6.0.7
fixed in 6.2.10
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2026-45673MEDIUM5.78
io.netty:netty-resolver-dns
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-35554MEDIUM5.78
org.apache.kafka:kafka-clients
3.3.2
fixed in 3.9.2, 4.0.2, 4.1.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-67735MEDIUM5.52
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.8.Final, 4.1.129.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41417MEDIUM5.52
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.1.133.Final, 4.2.13.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42580MEDIUM5.52
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42498MEDIUM5.52
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-55668MEDIUM5.52
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.8, 10.1.42, 9.0.106
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-12183MEDIUM5.52
org.lz4:lz4-java
1.8.0
fixed in 1.8.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-22732MEDIUM5.52
org.springframework.security:spring-security-web
6.0.2
fixed in 6.5.9, 7.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-41234MEDIUM5.52
org.springframework:spring-web
6.0.7
fixed in 6.2.8, 6.1.21
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-22737MEDIUM5.52
org.springframework:spring-webflux
6.0.7
fixed in 7.0.6, 6.2.17
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-22737MEDIUM5.52
org.springframework:spring-webmvc
6.0.7
fixed in 7.0.6, 6.2.17
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.2.0
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-11226MEDIUM5.44
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.19, 1.3.16
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-43515MEDIUM5.4
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-20862MEDIUM5.35
org.springframework.security:spring-security-core
6.0.2
fixed in 5.7.8, 5.8.3, 6.0.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-0466MEDIUM5.3
libssl1.1
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-29025MEDIUM5.3
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.1.108.Final
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-31141MEDIUM5.3
org.apache.kafka:kafka-clients
3.3.2
fixed in 3.7.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-53506MEDIUM5.3
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.107, 10.1.43, 11.0.9
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2023-42795MEDIUM5.3
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 10.1.14, 9.0.81, 8.5.94, 11.0.0-M12
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-45648MEDIUM5.3
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94
5.8%
Low-Moderate Risk
Directly Exposed
CVE-2025-61795MEDIUM5.3
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.12, 10.1.47, 9.0.110
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-4949MEDIUM5.3
org.eclipse.jgit:org.eclipse.jgit
6.4.0.202211300538-r
fixed in 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-41717MEDIUM5.3
golang.org/x/net
v0.2.0
fixed in 0.4.0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2025-22227MEDIUM5.18
io.projectreactor.netty:reactor-netty-http
1.1.5
fixed in 1.3.0-M5, 1.2.8
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-3978MEDIUM5.18
golang.org/x/net
v0.2.0
fixed in 0.13.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-41909MEDIUM5.02
org.apache.sshd:sshd-common
2.9.2
fixed in 2.12.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-30171MEDIUM5.02
org.bouncycastle:bcprov-jdk15on
1.69
fixed in 1.78
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-12798MEDIUM4.67
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.13, 1.3.15
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-47535MEDIUM4.67
io.netty:netty-common
4.1.90.Final
fixed in 4.1.115.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-25193MEDIUM4.67
io.netty:netty-common
4.1.90.Final
fixed in 4.1.118.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-33202MEDIUM4.67
org.bouncycastle:bcprov-jdk15on
1.69
fixed in 1.70
0.9%
Theoretical Threat
Directly Exposed
CVE-2023-20859MEDIUM4.67
org.springframework.vault:spring-vault-core
3.0.0
fixed in 3.0.2, 2.3.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34483MEDIUM4.59
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.116, 10.1.54, 11.0.21
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.2.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2022-1471MEDIUM4.58
org.yaml:snakeyaml
1.33
fixed in 2.0
99.6%
Actively Exploited
Post-Exploit
CVE-2026-54514MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.14.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54515MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.14.2
fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50020MEDIUM4.5
io.netty:netty-codec-http
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-47244MEDIUM4.5
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50560MEDIUM4.5
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-43513MEDIUM4.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-8916MEDIUM4.5
org.bouncycastle:bcpkix-jdk15on
1.69
fixed in 1.79
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-33201MEDIUM4.5
org.bouncycastle:bcprov-jdk15on
1.69
No fix yet
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-34447MEDIUM4.5
org.bouncycastle:bcprov-jdk15on
1.69
fixed in 1.78
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-34035MEDIUM4.5
org.springframework.security:spring-security-config
6.0.2
fixed in 5.8.5, 6.0.5, 6.1.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-38820MEDIUM4.5
org.springframework:spring-context
6.0.7
fixed in 6.1.14
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-38809MEDIUM4.5
org.springframework:spring-web
6.0.7
fixed in 5.3.38, 6.0.23, 6.1.12
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-38820MEDIUM4.5
org.springframework:spring-web
6.0.7
fixed in 6.1.14
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.2.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.2.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-35887MEDIUM4.3
org.apache.sshd:sshd-common
2.9.2
fixed in 2.9.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-35887MEDIUM4.3
org.apache.sshd:sshd-sftp
2.9.2
fixed in 2.9.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2026-1225MEDIUM4.25
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.25
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-38827MEDIUM4.08
org.springframework.security:spring-security-core
6.0.2
fixed in 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-27817LOW3.79
org.apache.kafka:kafka-clients
3.3.2
fixed in 3.9.1
62.4%
Actively Exploited
Post-Exploit
CVE-2025-22870LOW3.74
golang.org/x/net
v0.2.0
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-52520LOW3.7
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.9, 10.1.43, 9.0.107
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-49125LOW3.7
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.8, 10.1.42, 9.0.106
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-24880LOW3.65
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.116, 10.1.52, 11.0.20
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25854LOW3.65
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.116, 10.1.53, 11.0.20
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-1597LOW3.53
org.postgresql:postgresql
42.5.4
fixed in 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2
4.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-34034LOW3.53
org.springframework.security:spring-security-config
6.0.2
fixed in 5.6.12, 5.7.10, 5.8.5, 6.0.5, 6.1.2
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2024-38819LOW3.51
org.springframework:spring-webflux
6.0.7
fixed in 6.1.14
54.9%
Actively Exploited
Post-Exploit
CVE-2024-38819LOW3.51
org.springframework:spring-webmvc
6.0.7
fixed in 6.1.14
54.9%
Actively Exploited
Post-Exploit
CVE-2023-45288LOW3.51
golang.org/x/net
v0.2.0
fixed in 0.23.0
92.0%
Actively Exploited
Post-Exploit
CVE-2025-55754LOW3.5
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.11, 10.1.45, 9.0.109
9.9%
Low-Moderate Risk
Directly Exposed
CVE-2026-45536LOW3.4
io.netty:netty-transport-native-epoll
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2024-22243LOW3.4
org.springframework:spring-web
6.0.7
fixed in 6.1.4, 6.0.17, 5.3.32
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-4759LOW3.17
org.eclipse.jgit:org.eclipse.jgit
6.4.0.202211300538-r
fixed in 6.6.1.202309021850-r, 5.13.3.202401111512-r
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2026-43514LOW3.15
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-38816LOW3.1
org.springframework:spring-webflux
6.0.7
fixed in 6.1.13
14.7%
High Exploitation Risk
Post-Exploit
CVE-2024-38816LOW3.1
org.springframework:spring-webmvc
6.0.7
fixed in 6.1.13
14.7%
High Exploitation Risk
Post-Exploit
CVE-2026-45674LOW3.06
io.netty:netty-resolver-dns
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-47691LOW3.06
io.netty:netty-resolver-dns
4.1.90.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Post-Exploit
CVE-2023-2650LOW3.04
libssl1.1
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.23
73.5%
Actively Exploited
Post-Exploit
CVE-2023-2650LOW3.04
openssl
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.23
73.5%
Actively Exploited
Post-Exploit
CVE-2024-12801LOW2.8
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.13, 1.3.15
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-0464LOW2.7
openssl
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
3.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-22735LOW2.21
org.springframework:spring-webflux
6.0.7
fixed in 7.0.6, 6.2.17
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22735LOW2.21
org.springframework:spring-webmvc
6.0.7
fixed in 7.0.6, 6.2.17
0.1%
Theoretical Threat
Directly Exposed
CVE-2023-0465LOW1.91
openssl
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-0466LOW1.91
openssl
1.1.1-1ubuntu2.1~18.04.21
fixed in 1.1.1-1ubuntu2.1~18.04.22
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2025-68121NONE0
stdlib
v1.18.8
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Not Applicable
CVE-2023-24538NONE0
stdlib
v1.18.8
fixed in 1.19.8, 1.20.3
2.3%
Low-Moderate Risk
Not Applicable
CVE-2023-24540NONE0
stdlib
v1.18.8
fixed in 1.19.9, 1.20.4
1.5%
Low-Moderate Risk
Not Applicable
CVE-2024-24790NONE0
stdlib
v1.18.8
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Not Applicable
CVE-2023-29403NONE0
stdlib
v1.18.8
fixed in 1.19.10, 1.20.5
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39822NONE0
stdlib
v1.18.8
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
Not Applicable
CVE-2022-41720NONE0
stdlib
v1.18.8
fixed in 1.18.9, 1.19.4
1.2%
Low-Moderate Risk
Not Applicable
CVE-2022-41722NONE0
stdlib
v1.18.8
fixed in 1.19.6, 1.20.1
1.7%
Low-Moderate Risk
Not Applicable
CVE-2022-41723NONE0
stdlib
v1.18.8
fixed in 1.19.6, 1.20.1
4.6%
Low-Moderate Risk
Not Applicable
CVE-2022-41724NONE0
stdlib
v1.18.8
fixed in 1.19.6, 1.20.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2022-41725NONE0
stdlib
v1.18.8
fixed in 1.19.6, 1.20.1
1.2%
Low-Moderate Risk
Not Applicable
CVE-2023-24534NONE0
stdlib
v1.18.8
fixed in 1.19.8, 1.20.3
1.9%
Low-Moderate Risk
Not Applicable
CVE-2023-24536NONE0
stdlib
v1.18.8
fixed in 1.19.8, 1.20.3
1.5%
Low-Moderate Risk
Not Applicable
CVE-2023-24537NONE0
stdlib
v1.18.8
fixed in 1.19.8, 1.20.3
1.4%
Low-Moderate Risk
Not Applicable
CVE-2023-39325NONE0
stdlib
v1.18.8
fixed in 1.20.10, 1.21.3
3.8%
Low-Moderate Risk
Not Applicable
CVE-2023-45283NONE0
stdlib
v1.18.8
fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5
2.8%
Low-Moderate Risk
Not Applicable
CVE-2023-45287NONE0
stdlib
v1.18.8
fixed in 1.20.0
1.3%
Low-Moderate Risk
Not Applicable
CVE-2023-45288NONE0
stdlib
v1.18.8
fixed in 1.21.9, 1.22.2
92.0%
Actively Exploited
Not Applicable
CVE-2024-34156NONE0
stdlib
v1.18.8
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2025-61726NONE0
stdlib
v1.18.8
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Not Applicable
CVE-2025-61729NONE0
stdlib
v1.18.8
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Not Applicable
CVE-2026-25679NONE0
stdlib
v1.18.8
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.18.8
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Not Applicable
CVE-2026-32280NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Not Applicable
CVE-2026-32281NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32283NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Not Applicable
CVE-2026-33811NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-33814NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39820NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39836NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.18.8
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Not Applicable
CVE-2025-58183NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61728NONE0
stdlib
v1.18.8
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Not Applicable
CVE-2023-24539NONE0
stdlib
v1.18.8
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Not Applicable
CVE-2023-29400NONE0
stdlib
v1.18.8
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Not Applicable
CVE-2025-47907NONE0
stdlib
v1.18.8
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Not Applicable
CVE-2025-4673NONE0
stdlib
v1.18.8
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Not Applicable
CVE-2023-29406NONE0
stdlib
v1.18.8
fixed in 1.19.11, 1.20.6
1.3%
Low-Moderate Risk
Not Applicable
CVE-2024-24785NONE0
stdlib
v1.18.8
fixed in 1.21.8, 1.22.1
0.8%
Theoretical Threat
Not Applicable
CVE-2025-47906NONE0
stdlib
v1.18.8
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Not Applicable
CVE-2025-61727NONE0
stdlib
v1.18.8
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-32282NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2023-39318NONE0
stdlib
v1.18.8
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Not Applicable
CVE-2023-39319NONE0
stdlib
v1.18.8
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Not Applicable
CVE-2026-32289NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2024-24783NONE0
stdlib
v1.18.8
fixed in 1.21.8, 1.22.1
0.7%
Theoretical Threat
Not Applicable
CVE-2024-24791NONE0
stdlib
v1.18.8
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Not Applicable
CVE-2024-34155NONE0
stdlib
v1.18.8
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Not Applicable
CVE-2024-34158NONE0
stdlib
v1.18.8
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Not Applicable
CVE-2024-45336NONE0
stdlib
v1.18.8
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Not Applicable
CVE-2024-24789NONE0
stdlib
v1.18.8
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Not Applicable
CVE-2026-32288NONE0
stdlib
v1.18.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2024-24784NONE0
stdlib
v1.18.8
fixed in 1.21.8, 1.22.1
1.0%
Low-Moderate Risk
Not Applicable
CVE-2025-22871NONE0
stdlib
v1.18.8
fixed in 1.23.8, 1.24.2
0.7%
Theoretical Threat
Not Applicable
CVE-2026-27142NONE0
stdlib
v1.18.8
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39826NONE0
stdlib
v1.18.8
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2022-41717NONE0
stdlib
v1.18.8
fixed in 1.18.9, 1.19.4
5.6%
Low-Moderate Risk
Not Applicable
CVE-2023-24532NONE0
stdlib
v1.18.8
fixed in 1.19.7, 1.20.2
0.8%
Theoretical Threat
Not Applicable
CVE-2023-29409NONE0
stdlib
v1.18.8
fixed in 1.19.12, 1.20.7, 1.21.0-rc.4
1.3%
Low-Moderate Risk
Not Applicable
CVE-2023-39326NONE0
stdlib
v1.18.8
fixed in 1.20.12, 1.21.5
1.2%
Low-Moderate Risk
Not Applicable
CVE-2023-45284NONE0
stdlib
v1.18.8
fixed in 1.20.11, 1.21.4
0.9%
Theoretical Threat
Not Applicable
CVE-2023-45289NONE0
stdlib
v1.18.8
fixed in 1.21.8, 1.22.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2023-45290NONE0
stdlib
v1.18.8
fixed in 1.21.8, 1.22.1
1.2%
Low-Moderate Risk
Not Applicable
CVE-2025-22866NONE0
stdlib
v1.18.8
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-22873NONE0
stdlib
v1.18.8
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Not Applicable
CVE-2025-47912NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58185NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-58187NONE0
stdlib
v1.18.8
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58188NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58189NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61723NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61724NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-61725NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61730NONE0
stdlib
v1.18.8
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42505NONE0
stdlib
v1.18.8
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.18.8
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58186NONE0
stdlib
v1.18.8
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-22870NONE0
stdlib
v1.18.8
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Not Applicable
CVE-2024-45341NONE0
stdlib
v1.18.8
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Not Applicable
CVE-2026-27139NONE0
stdlib
v1.18.8
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Not Applicable
CVE-2026-10532NONE0
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.35
0.3%
Theoretical Threat
Not Applicable
CVE-2026-9828NONE0
ch.qos.logback:logback-core
1.4.6
fixed in 1.5.33
0.4%
Theoretical Threat
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.13.2
fixed in 2.21.1, 2.18.6
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.14.2
fixed in 2.21.1, 2.18.6
Not Applicable
GHSA-xpw8-rcwv-8f8pNONE0
io.netty:netty-codec-http2
4.1.90.Final
fixed in 4.1.100.Final
Not Applicable
CVE-2020-36843NONE0
net.i2p.crypto:eddsa
0.3.0
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-33558NONE0
org.apache.kafka:kafka-clients
3.3.2
fixed in 3.9.2, 4.0.1
0.5%
Theoretical Threat
Not Applicable
CVE-2026-41284NONE0
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 9.0.118, 10.1.55, 11.0.22
0.8%
Theoretical Threat
Not Applicable
CVE-2025-49124NONE0
org.apache.tomcat.embed:tomcat-embed-core
10.1.7
fixed in 11.0.8, 10.1.42, 9.0.106
0.3%
Theoretical Threat
Not Applicable
CVE-2026-22739NONE0
org.springframework.cloud:spring-cloud-config-server
4.0.2
fixed in 4.3.2, 5.0.2
1.2%
Low-Moderate Risk
Not Applicable
CVE-2025-22233NONE0
org.springframework:spring-context
6.0.7
fixed in 6.2.7, 6.1.20
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.2.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.18.8
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.3.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.