Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit Netty HTTP request smuggling (CVE-2026-42581) or Tomcat vulnerabilities (CVE-2025-24813) to execute arbitrary code remotely, bypass access controls, and compromise the entire server. While some issues like CVE-2025-24813 require non-default configurations, many are directly exploitable without any special setup. The high number of critical flaws (33 with severity >=7) and the image's role as a web server make it extremely dangerous.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-22257 | HIGH8.33 | org.springframework.security:spring-security-core 6.0.2 fixed in 5.7.12, 5.8.11, 6.1.8, 6.2.3 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-56337 | HIGH8.1 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.2, 10.1.34, 9.0.98 | 8.9% Low-Moderate Risk | Directly Exposed |
| CVE-2024-22259 | HIGH8.1 | org.springframework:spring-web 6.0.7 fixed in 6.1.5, 6.0.18, 5.3.33 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-22262 | HIGH8.1 | org.springframework:spring-web 6.0.7 fixed in 5.3.34, 6.0.19, 6.1.6 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-24813 | HIGH8 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.3, 10.1.35, 9.0.99 | 99.9% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2023-20873 | HIGH7.84 | org.springframework.boot:spring-boot-actuator-autoconfigure 3.0.5 fixed in 3.0.6, 2.7.11, 2.6.15, 2.5.15 | 1.1% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2023-34040 | HIGH7.8 | org.springframework.kafka:spring-kafka 3.0.5 fixed in 2.9.11, 3.0.10 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-28709 | HIGH7.8 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M5, 10.1.8, 9.0.74 | 51.5% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2025-55752 | HIGH7.8 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.11, 10.1.45, 9.0.109 | 66.5% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2023-44487 | HIGH7.8 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 | 100.0% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42579 | HIGH7.73 | io.netty:netty-codec-dns 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42584 | HIGH7.73 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-66614 | HIGH7.73 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.15, 10.1.50, 9.0.113 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-0464 | HIGH7.5 | libssl1.1 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 3.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-46120 | HIGH7.5 | com.rabbitmq:amqp-client 5.16.0 fixed in 5.18.0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-33871 | HIGH7.5 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.1.132.Final, 4.2.11.Final | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34062 | HIGH7.5 | io.projectreactor.netty:reactor-netty-http 1.1.5 fixed in 1.1.13, 1.0.39 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-46589 | HIGH7.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-34750 | HIGH7.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M21, 10.1.25, 9.0.90 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-38286 | HIGH7.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M21, 10.1.25, 9.0.90 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2025-48989 | HIGH7.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.10, 10.1.44, 9.0.108 | 3.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-23672 | HIGH7.5 | org.apache.tomcat.embed:tomcat-embed-websocket 10.1.7 fixed in 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34053 | HIGH7.5 | org.springframework:spring-webmvc 6.0.7 fixed in 6.0.14 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34455 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.4 fixed in 1.1.10.1 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-43642 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.4 fixed in 1.1.10.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34453 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.4 fixed in 1.1.10.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34454 | HIGH7.5 | org.xerial.snappy:snappy-java 1.1.8.4 fixed in 1.1.10.1 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41723 | HIGH7.5 | golang.org/x/net v0.2.0 fixed in 0.7.0 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39325 | HIGH7.5 | golang.org/x/net v0.2.0 fixed in 0.17.0 | 3.8% Low-Moderate Risk | Directly Exposed |
| CVE-2024-50379 | HIGH7.45 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.2, 10.1.34, 9.0.98 | 43.7% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-38821 | HIGH7.4 | org.springframework.security:spring-security-web 6.0.2 fixed in 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2026-41293 | HIGH7.3 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2026-39821 | MEDIUM6.97 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-24549 | MEDIUM6.9 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 | 23.1% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2025-48988 | MEDIUM6.89 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.8, 10.1.42, 9.0.106 | 54.9% Actively Exploited | Directly Exposed |
| CVE-2026-54512 | MEDIUM6.88 | com.fasterxml.jackson.core:jackson-databind 2.14.2 fixed in 2.18.8, 3.1.4, 2.21.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-54513 | MEDIUM6.88 | com.fasterxml.jackson.core:jackson-databind 2.14.2 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-59250 | MEDIUM6.88 | com.microsoft.sqlserver:mssql-jdbc 11.2.3 fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-59250 | MEDIUM6.88 | com.microsoft.sqlserver:mssql-jdbc 11.2.3.jre17 fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM6.88 | io.netty:netty-handler 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-47838 | MEDIUM6.88 | org.springframework.security:spring-security-web 6.0.2 fixed in 6.5.11 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-25681 | MEDIUM6.88 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27136 | MEDIUM6.88 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-34462 | MEDIUM6.5 | io.netty:netty-handler 4.1.90.Final fixed in 4.1.94.Final | 2.5% Low-Moderate Risk | Directly Exposed |
| CVE-2026-43512 | MEDIUM6.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-46701 | MEDIUM6.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.105, 10.1.41, 11.0.7 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29857 | MEDIUM6.5 | org.bouncycastle:bcprov-jdk15on 1.69 fixed in 1.78 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-34055 | MEDIUM6.5 | org.springframework.boot:spring-boot-actuator 3.0.5 fixed in 2.7.18, 3.0.13, 3.1.6 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-20863 | MEDIUM6.5 | org.springframework:spring-expression 6.0.7 fixed in 6.0.8, 5.3.27, 5.2.24.RELEASE | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-6378 | MEDIUM6.38 | ch.qos.logback:logback-classic 1.4.6 fixed in 1.3.12, 1.4.12, 1.2.13 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2023-6378 | MEDIUM6.38 | ch.qos.logback:logback-core 1.4.6 fixed in 1.3.12, 1.4.12, 1.2.13 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-52999 | MEDIUM6.38 | com.fasterxml.jackson.core:jackson-core 2.14.2 fixed in 2.15.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42583 | MEDIUM6.38 | io.netty:netty-codec 4.1.90.Final fixed in 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58057 | MEDIUM6.38 | io.netty:netty-codec 4.1.90.Final fixed in 4.1.125.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33870 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.1.132.Final, 4.2.10.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-58056 | MEDIUM6.38 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.1.125.Final, 4.2.5.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-55163 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.2.4.Final, 4.1.124.Final | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.1.90.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2023-34054 | MEDIUM6.38 | io.projectreactor.netty:reactor-netty-core 1.1.5 fixed in 1.1.13, 1.0.39 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-24734 | MEDIUM6.38 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.18, 10.1.52, 9.0.115 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk15on 1.69 fixed in 1.84 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-66566 | MEDIUM6.38 | org.lz4:lz4-java 1.8.0 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM6.38 | org.postgresql:postgresql 42.5.4 fixed in 42.7.11 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2023-20883 | MEDIUM6.38 | org.springframework.boot:spring-boot-autoconfigure 3.0.5 fixed in 3.0.7, 2.7.12, 2.6.15, 2.5.15 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-22271 | MEDIUM6.38 | org.springframework.cloud:spring-cloud-function-context 4.0.2 fixed in 4.0.8, 4.1.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-41249 | MEDIUM6.38 | org.springframework:spring-core 6.0.7 fixed in 6.2.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-45338 | MEDIUM6.38 | golang.org/x/net v0.2.0 fixed in 0.33.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.2.0 fixed in 0.53.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-22228 | MEDIUM6.29 | org.springframework.security:spring-security-crypto 6.0.2 fixed in 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2023-41080 | MEDIUM6.1 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-41242 | MEDIUM5.9 | org.springframework:spring-webmvc 6.0.7 fixed in 6.2.10 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-35554 | MEDIUM5.78 | org.apache.kafka:kafka-clients 3.3.2 fixed in 3.9.2, 4.0.2, 4.1.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-67735 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.8.Final, 4.1.129.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42498 | MEDIUM5.52 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-55668 | MEDIUM5.52 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.8, 10.1.42, 9.0.106 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-12183 | MEDIUM5.52 | org.lz4:lz4-java 1.8.0 fixed in 1.8.1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-22732 | MEDIUM5.52 | org.springframework.security:spring-security-web 6.0.2 fixed in 6.5.9, 7.0.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-41234 | MEDIUM5.52 | org.springframework:spring-web 6.0.7 fixed in 6.2.8, 6.1.21 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-22737 | MEDIUM5.52 | org.springframework:spring-webflux 6.0.7 fixed in 7.0.6, 6.2.17 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-22737 | MEDIUM5.52 | org.springframework:spring-webmvc 6.0.7 fixed in 7.0.6, 6.2.17 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-22872 | MEDIUM5.52 | golang.org/x/net v0.2.0 fixed in 0.38.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-11226 | MEDIUM5.44 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.19, 1.3.16 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-43515 | MEDIUM5.4 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-20862 | MEDIUM5.35 | org.springframework.security:spring-security-core 6.0.2 fixed in 5.7.8, 5.8.3, 6.0.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2023-0465 | MEDIUM5.3 | libssl1.1 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0466 | MEDIUM5.3 | libssl1.1 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29025 | MEDIUM5.3 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.1.108.Final | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-31141 | MEDIUM5.3 | org.apache.kafka:kafka-clients 3.3.2 fixed in 3.7.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-53506 | MEDIUM5.3 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.107, 10.1.43, 11.0.9 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2023-42795 | MEDIUM5.3 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 10.1.14, 9.0.81, 8.5.94, 11.0.0-M12 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45648 | MEDIUM5.3 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 | 5.8% Low-Moderate Risk | Directly Exposed |
| CVE-2025-61795 | MEDIUM5.3 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.12, 10.1.47, 9.0.110 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-4949 | MEDIUM5.3 | org.eclipse.jgit:org.eclipse.jgit 6.4.0.202211300538-r fixed in 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41717 | MEDIUM5.3 | golang.org/x/net v0.2.0 fixed in 0.4.0 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2025-22227 | MEDIUM5.18 | io.projectreactor.netty:reactor-netty-http 1.1.5 fixed in 1.3.0-M5, 1.2.8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-3978 | MEDIUM5.18 | golang.org/x/net v0.2.0 fixed in 0.13.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-41909 | MEDIUM5.02 | org.apache.sshd:sshd-common 2.9.2 fixed in 2.12.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-30171 | MEDIUM5.02 | org.bouncycastle:bcprov-jdk15on 1.69 fixed in 1.78 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-12798 | MEDIUM4.67 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.13, 1.3.15 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-47535 | MEDIUM4.67 | io.netty:netty-common 4.1.90.Final fixed in 4.1.115.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-25193 | MEDIUM4.67 | io.netty:netty-common 4.1.90.Final fixed in 4.1.118.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-33202 | MEDIUM4.67 | org.bouncycastle:bcprov-jdk15on 1.69 fixed in 1.70 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2023-20859 | MEDIUM4.67 | org.springframework.vault:spring-vault-core 3.0.0 fixed in 3.0.2, 2.3.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34483 | MEDIUM4.59 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.116, 10.1.54, 11.0.21 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.2.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2022-1471 | MEDIUM4.58 | org.yaml:snakeyaml 1.33 fixed in 2.0 | 99.6% Actively Exploited | Post-Exploit |
| CVE-2026-54514 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.14.2 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54515 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.14.2 fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-43513 | MEDIUM4.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-8916 | MEDIUM4.5 | org.bouncycastle:bcpkix-jdk15on 1.69 fixed in 1.79 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-33201 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk15on 1.69 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-34447 | MEDIUM4.5 | org.bouncycastle:bcprov-jdk15on 1.69 fixed in 1.78 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2023-34035 | MEDIUM4.5 | org.springframework.security:spring-security-config 6.0.2 fixed in 5.8.5, 6.0.5, 6.1.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-38820 | MEDIUM4.5 | org.springframework:spring-context 6.0.7 fixed in 6.1.14 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-38809 | MEDIUM4.5 | org.springframework:spring-web 6.0.7 fixed in 5.3.38, 6.0.23, 6.1.12 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-38820 | MEDIUM4.5 | org.springframework:spring-web 6.0.7 fixed in 6.1.14 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-47911 | MEDIUM4.5 | golang.org/x/net v0.2.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58190 | MEDIUM4.5 | golang.org/x/net v0.2.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2023-35887 | MEDIUM4.3 | org.apache.sshd:sshd-common 2.9.2 fixed in 2.9.3 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-35887 | MEDIUM4.3 | org.apache.sshd:sshd-sftp 2.9.2 fixed in 2.9.3 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-1225 | MEDIUM4.25 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.25 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-38827 | MEDIUM4.08 | org.springframework.security:spring-security-core 6.0.2 fixed in 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-27817 | LOW3.79 | org.apache.kafka:kafka-clients 3.3.2 fixed in 3.9.1 | 62.4% Actively Exploited | Post-Exploit |
| CVE-2025-22870 | LOW3.74 | golang.org/x/net v0.2.0 fixed in 0.36.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-52520 | LOW3.7 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.9, 10.1.43, 9.0.107 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-49125 | LOW3.7 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.8, 10.1.42, 9.0.106 | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-24880 | LOW3.65 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.116, 10.1.52, 11.0.20 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25854 | LOW3.65 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.116, 10.1.53, 11.0.20 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-1597 | LOW3.53 | org.postgresql:postgresql 42.5.4 fixed in 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 | 4.8% Low-Moderate Risk | Post-Exploit |
| CVE-2023-34034 | LOW3.53 | org.springframework.security:spring-security-config 6.0.2 fixed in 5.6.12, 5.7.10, 5.8.5, 6.0.5, 6.1.2 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2024-38819 | LOW3.51 | org.springframework:spring-webflux 6.0.7 fixed in 6.1.14 | 54.9% Actively Exploited | Post-Exploit |
| CVE-2024-38819 | LOW3.51 | org.springframework:spring-webmvc 6.0.7 fixed in 6.1.14 | 54.9% Actively Exploited | Post-Exploit |
| CVE-2023-45288 | LOW3.51 | golang.org/x/net v0.2.0 fixed in 0.23.0 | 92.0% Actively Exploited | Post-Exploit |
| CVE-2025-55754 | LOW3.5 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.11, 10.1.45, 9.0.109 | 9.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-22243 | LOW3.4 | org.springframework:spring-web 6.0.7 fixed in 6.1.4, 6.0.17, 5.3.32 | 4.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-4759 | LOW3.17 | org.eclipse.jgit:org.eclipse.jgit 6.4.0.202211300538-r fixed in 6.6.1.202309021850-r, 5.13.3.202401111512-r | 1.9% Low-Moderate Risk | Post-Exploit |
| CVE-2026-43514 | LOW3.15 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-38816 | LOW3.1 | org.springframework:spring-webflux 6.0.7 fixed in 6.1.13 | 14.7% High Exploitation Risk | Post-Exploit |
| CVE-2024-38816 | LOW3.1 | org.springframework:spring-webmvc 6.0.7 fixed in 6.1.13 | 14.7% High Exploitation Risk | Post-Exploit |
| CVE-2026-45674 | LOW3.06 | io.netty:netty-resolver-dns 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-47691 | LOW3.06 | io.netty:netty-resolver-dns 4.1.90.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2023-2650 | LOW3.04 | libssl1.1 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.23 | 73.5% Actively Exploited | Post-Exploit |
| CVE-2023-2650 | LOW3.04 | openssl 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.23 | 73.5% Actively Exploited | Post-Exploit |
| CVE-2024-12801 | LOW2.8 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.13, 1.3.15 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-0464 | LOW2.7 | openssl 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 3.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-22735 | LOW2.21 | org.springframework:spring-webflux 6.0.7 fixed in 7.0.6, 6.2.17 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22735 | LOW2.21 | org.springframework:spring-webmvc 6.0.7 fixed in 7.0.6, 6.2.17 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2023-0465 | LOW1.91 | openssl 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2023-0466 | LOW1.91 | openssl 1.1.1-1ubuntu2.1~18.04.21 fixed in 1.1.1-1ubuntu2.1~18.04.22 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2025-68121 | NONE0 | stdlib v1.18.8 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2023-24538 | NONE0 | stdlib v1.18.8 fixed in 1.19.8, 1.20.3 | 2.3% Low-Moderate Risk | Not Applicable |
| CVE-2023-24540 | NONE0 | stdlib v1.18.8 fixed in 1.19.9, 1.20.4 | 1.5% Low-Moderate Risk | Not Applicable |
| CVE-2024-24790 | NONE0 | stdlib v1.18.8 fixed in 1.21.11, 1.22.4 | 2.0% Low-Moderate Risk | Not Applicable |
| CVE-2023-29403 | NONE0 | stdlib v1.18.8 fixed in 1.19.10, 1.20.5 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39822 | NONE0 | stdlib v1.18.8 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | — | Not Applicable |
| CVE-2022-41720 | NONE0 | stdlib v1.18.8 fixed in 1.18.9, 1.19.4 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2022-41722 | NONE0 | stdlib v1.18.8 fixed in 1.19.6, 1.20.1 | 1.7% Low-Moderate Risk | Not Applicable |
| CVE-2022-41723 | NONE0 | stdlib v1.18.8 fixed in 1.19.6, 1.20.1 | 4.6% Low-Moderate Risk | Not Applicable |
| CVE-2022-41724 | NONE0 | stdlib v1.18.8 fixed in 1.19.6, 1.20.1 | 1.1% Low-Moderate Risk | Not Applicable |
| CVE-2022-41725 | NONE0 | stdlib v1.18.8 fixed in 1.19.6, 1.20.1 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2023-24534 | NONE0 | stdlib v1.18.8 fixed in 1.19.8, 1.20.3 | 1.9% Low-Moderate Risk | Not Applicable |
| CVE-2023-24536 | NONE0 | stdlib v1.18.8 fixed in 1.19.8, 1.20.3 | 1.5% Low-Moderate Risk | Not Applicable |
| CVE-2023-24537 | NONE0 | stdlib v1.18.8 fixed in 1.19.8, 1.20.3 | 1.4% Low-Moderate Risk | Not Applicable |
| CVE-2023-39325 | NONE0 | stdlib v1.18.8 fixed in 1.20.10, 1.21.3 | 3.8% Low-Moderate Risk | Not Applicable |
| CVE-2023-45283 | NONE0 | stdlib v1.18.8 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5 | 2.8% Low-Moderate Risk | Not Applicable |
| CVE-2023-45287 | NONE0 | stdlib v1.18.8 fixed in 1.20.0 | 1.3% Low-Moderate Risk | Not Applicable |
| CVE-2023-45288 | NONE0 | stdlib v1.18.8 fixed in 1.21.9, 1.22.2 | 92.0% Actively Exploited | Not Applicable |
| CVE-2024-34156 | NONE0 | stdlib v1.18.8 fixed in 1.22.7, 1.23.1 | 1.1% Low-Moderate Risk | Not Applicable |
| CVE-2025-61726 | NONE0 | stdlib v1.18.8 fixed in 1.24.12, 1.25.6 | 1.9% Low-Moderate Risk | Not Applicable |
| CVE-2025-61729 | NONE0 | stdlib v1.18.8 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-25679 | NONE0 | stdlib v1.18.8 fixed in 1.25.8, 1.26.1 | 0.7% Theoretical Threat | Not Applicable |
| CVE-2026-27145 | NONE0 | stdlib v1.18.8 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2026-32280 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-32281 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-32283 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-33811 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-33814 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39820 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-39836 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-42499 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-42504 | NONE0 | stdlib v1.18.8 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-58183 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-61728 | NONE0 | stdlib v1.18.8 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2023-24539 | NONE0 | stdlib v1.18.8 fixed in 1.19.9, 1.20.4 | 1.0% Low-Moderate Risk | Not Applicable |
| CVE-2023-29400 | NONE0 | stdlib v1.18.8 fixed in 1.19.9, 1.20.4 | 1.0% Low-Moderate Risk | Not Applicable |
| CVE-2025-47907 | NONE0 | stdlib v1.18.8 fixed in 1.23.12, 1.24.6 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-4673 | NONE0 | stdlib v1.18.8 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2023-29406 | NONE0 | stdlib v1.18.8 fixed in 1.19.11, 1.20.6 | 1.3% Low-Moderate Risk | Not Applicable |
| CVE-2024-24785 | NONE0 | stdlib v1.18.8 fixed in 1.21.8, 1.22.1 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2025-47906 | NONE0 | stdlib v1.18.8 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-61727 | NONE0 | stdlib v1.18.8 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39825 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-32282 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2023-39318 | NONE0 | stdlib v1.18.8 fixed in 1.20.8, 1.21.1 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2023-39319 | NONE0 | stdlib v1.18.8 fixed in 1.20.8, 1.21.1 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2026-32289 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-24783 | NONE0 | stdlib v1.18.8 fixed in 1.21.8, 1.22.1 | 0.7% Theoretical Threat | Not Applicable |
| CVE-2024-24791 | NONE0 | stdlib v1.18.8 fixed in 1.21.12, 1.22.5 | 1.4% Low-Moderate Risk | Not Applicable |
| CVE-2024-34155 | NONE0 | stdlib v1.18.8 fixed in 1.22.7, 1.23.1 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-34158 | NONE0 | stdlib v1.18.8 fixed in 1.22.7, 1.23.1 | 1.0% Low-Moderate Risk | Not Applicable |
| CVE-2024-45336 | NONE0 | stdlib v1.18.8 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2024-24789 | NONE0 | stdlib v1.18.8 fixed in 1.21.11, 1.22.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-32288 | NONE0 | stdlib v1.18.8 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-24784 | NONE0 | stdlib v1.18.8 fixed in 1.21.8, 1.22.1 | 1.0% Low-Moderate Risk | Not Applicable |
| CVE-2025-22871 | NONE0 | stdlib v1.18.8 fixed in 1.23.8, 1.24.2 | 0.7% Theoretical Threat | Not Applicable |
| CVE-2026-27142 | NONE0 | stdlib v1.18.8 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39823 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-39826 | NONE0 | stdlib v1.18.8 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2022-41717 | NONE0 | stdlib v1.18.8 fixed in 1.18.9, 1.19.4 | 5.6% Low-Moderate Risk | Not Applicable |
| CVE-2023-24532 | NONE0 | stdlib v1.18.8 fixed in 1.19.7, 1.20.2 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2023-29409 | NONE0 | stdlib v1.18.8 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4 | 1.3% Low-Moderate Risk | Not Applicable |
| CVE-2023-39326 | NONE0 | stdlib v1.18.8 fixed in 1.20.12, 1.21.5 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2023-45284 | NONE0 | stdlib v1.18.8 fixed in 1.20.11, 1.21.4 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2023-45289 | NONE0 | stdlib v1.18.8 fixed in 1.21.8, 1.22.1 | 1.1% Low-Moderate Risk | Not Applicable |
| CVE-2023-45290 | NONE0 | stdlib v1.18.8 fixed in 1.21.8, 1.22.1 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2025-22866 | NONE0 | stdlib v1.18.8 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-22873 | NONE0 | stdlib v1.18.8 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-47912 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58185 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-58187 | NONE0 | stdlib v1.18.8 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58188 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58189 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-61723 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61724 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-61725 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Not Applicable |
| CVE-2025-61730 | NONE0 | stdlib v1.18.8 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-42505 | NONE0 | stdlib v1.18.8 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | — | Not Applicable |
| CVE-2026-42507 | NONE0 | stdlib v1.18.8 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-58186 | NONE0 | stdlib v1.18.8 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2025-22870 | NONE0 | stdlib v1.18.8 fixed in 1.23.7, 1.24.1 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2024-45341 | NONE0 | stdlib v1.18.8 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-27139 | NONE0 | stdlib v1.18.8 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-10532 | NONE0 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.35 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-9828 | NONE0 | ch.qos.logback:logback-core 1.4.6 fixed in 1.5.33 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.13.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.14.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-xpw8-rcwv-8f8p | NONE0 | io.netty:netty-codec-http2 4.1.90.Final fixed in 4.1.100.Final | — | Not Applicable |
| CVE-2020-36843 | NONE0 | net.i2p.crypto:eddsa 0.3.0 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-33558 | NONE0 | org.apache.kafka:kafka-clients 3.3.2 fixed in 3.9.2, 4.0.1 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-41284 | NONE0 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 9.0.118, 10.1.55, 11.0.22 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2025-49124 | NONE0 | org.apache.tomcat.embed:tomcat-embed-core 10.1.7 fixed in 11.0.8, 10.1.42, 9.0.106 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-22739 | NONE0 | org.springframework.cloud:spring-cloud-config-server 4.0.2 fixed in 4.3.2, 5.0.2 | 1.2% Low-Moderate Risk | Not Applicable |
| CVE-2025-22233 | NONE0 | org.springframework:spring-context 6.0.7 fixed in 6.2.7, 6.1.20 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.2.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.18.8 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.3.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.