Vulnerability Reportkibana:8.13.0

kibana:8.13.0

DIGESTsha256:d713b80cdb02c0dd484de9bbbac2312e7dab98f09a25b6adbbfa30841649b828

Executive Summary

Threat ScoreDANGEROUS• Exposed surface has 205 vulnerabilities, with 31 at severity ≥7.0 and max severity 10.0.• Critical RCE vulnerabilities in PDF.js (CVE-2024-4367) and expr-eval (CVE-2025-12735) are exploitable without special configuration.• SSRF vulnerability in node-ip (CVE-2024-29415) allows bypassing network restrictions to reach internal services.• Multiple high-severity Kerberos library issues (CVE-2024-37371) risk information disclosure and denial of service.• Overall threat score of 100/100 places this image in the DANGEROUS category.

100/100DANGEROUS

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can achieve remote code execution via malicious PDFs or crafted expressions (CVE-2024-4367, CVE-2025-12735) and perform server-side request forgery to internal systems (CVE-2024-29415). No known full mitigations exist; the only safe course is to avoid deployment until all vulnerabilities are remediated.

Vulnerabilities

Vulnerability Log

228 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-4367	CRITICAL10	pdfjs-dist 2.13.216 fixed in 4.2.67	72.6% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2025-12735	CRITICAL9.8	expr-eval 2.0.2 No fix yet	2.2% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-29415	CRITICAL9.8	ip 1.1.9 No fix yet	8.3% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-37371	CRITICAL9.1	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	1.9% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-37371	CRITICAL9.1	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	1.9% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-37371	CRITICAL9.1	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	1.9% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-37371	CRITICAL9.1	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	1.9% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2026-27699	HIGH8.33	basic-ftp 5.0.3 fixed in 5.2.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-41242	HIGH8.33	protobufjs 7.2.4 fixed in 8.0.1, 7.5.5	0.6% Theoretical Threat	Directly Exposed
CVE-2025-62718	HIGH7.92	axios 1.6.3 fixed in 1.15.0, 0.31.0	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-33937	HIGH7.84	handlebars 4.7.8 fixed in 4.7.9	1.3% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2023-36665	HIGH7.84	protobufjs 7.2.4 fixed in 7.2.5, 6.11.4	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-42264	HIGH7.73	axios 1.6.3 fixed in 1.15.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42044	HIGH7.73	axios 1.6.3 fixed in 1.15.2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68665	HIGH7.73	langchain 0.0.186 fixed in 1.2.3, 0.3.37	0.7% Theoretical Threat	Directly Exposed
CVE-2024-7774	HIGH7.73	langchain 0.0.186 fixed in 0.2.19	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33896	HIGH7.73	node-forge 1.3.1 fixed in 1.4.0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-33599	HIGH7.6	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-33599	HIGH7.6	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-45490	HIGH7.5	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.7% Low-Moderate Risk	Directly Exposed
CVE-2024-39338	HIGH7.5	axios 1.6.3 fixed in 1.7.4	1.4% Low-Moderate Risk	Directly Exposed
CVE-2026-25639	HIGH7.5	axios 1.6.3 fixed in 1.13.5, 0.30.3	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-4068	HIGH7.5	braces 3.0.2 fixed in 3.0.3	1.5% Low-Moderate Risk	Directly Exposed
CVE-2025-64756	HIGH7.5	glob 10.3.10 fixed in 11.1.0, 10.5.0	3.0% Low-Moderate Risk	Directly Exposed
CVE-2024-12905	HIGH7.5	tar-fs 3.0.4 fixed in 1.16.4, 2.1.2, 3.0.7	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-12151	HIGH7.5	undici 5.28.3 fixed in 6.27.0, 7.28.0, 8.5.0	—	Directly Exposed
CVE-2026-44293	HIGH7.48	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-27363	HIGH7.45	libfreetype6 2.10.1-2ubuntu0.3 fixed in 2.10.1-2ubuntu0.4	23.4% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-44494	HIGH7.39	axios 1.6.3 fixed in 1.16.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-12816	HIGH7.39	node-forge 1.3.1 fixed in 1.3.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-44492	HIGH7.31	axios 1.6.3 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44490	MEDIUM6.97	axios 1.6.3 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33941	MEDIUM6.97	handlebars 4.7.8 fixed in 4.7.9	0.3% Theoretical Threat	Directly Exposed
CVE-2026-44705	MEDIUM6.97	tmp 0.0.33 fixed in 0.2.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33938	MEDIUM6.88	handlebars 4.7.8 fixed in 4.7.9	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33940	MEDIUM6.88	handlebars 4.7.8 fixed in 4.7.9	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42043	MEDIUM6.8	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-28849	MEDIUM6.5	follow-redirects 1.15.2 fixed in 1.15.6	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-37370	MEDIUM6.38	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	0.7% Theoretical Threat	Directly Exposed
CVE-2024-37370	MEDIUM6.38	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	0.7% Theoretical Threat	Directly Exposed
CVE-2024-37370	MEDIUM6.38	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	0.7% Theoretical Threat	Directly Exposed
CVE-2024-37370	MEDIUM6.38	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6	0.7% Theoretical Threat	Directly Exposed
CVE-2026-35213	MEDIUM6.38	@hapi/content 5.0.2 fixed in 6.0.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69873	MEDIUM6.38	ajv 8.12.0 fixed in 8.18.0, 6.14.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44486	MEDIUM6.38	axios 1.6.3 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44487	MEDIUM6.38	axios 1.6.3 fixed in 1.16.0, 0.32.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44496	MEDIUM6.38	axios 1.6.3 fixed in 1.16.0, 0.32.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42038	MEDIUM6.38	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42039	MEDIUM6.38	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 1.1.11 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.1 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33939	MEDIUM6.38	handlebars 4.7.8 fixed in 4.7.9	0.5% Theoretical Threat	Directly Exposed
CVE-2025-65945	MEDIUM6.38	jws 3.2.2 fixed in 3.2.3, 4.0.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-26996	MEDIUM6.38	minimatch 3.1.2 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-26996	MEDIUM6.38	minimatch 9.0.1 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-66031	MEDIUM6.38	node-forge 1.3.1 fixed in 1.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33891	MEDIUM6.38	node-forge 1.3.1 fixed in 1.4.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33894	MEDIUM6.38	node-forge 1.3.1 fixed in 1.4.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33895	MEDIUM6.38	node-forge 1.3.1 fixed in 1.4.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-14874	MEDIUM6.38	nodemailer 6.6.2 fixed in 7.0.11	0.4% Theoretical Threat	Directly Exposed
CVE-2025-13033	MEDIUM6.38	nodemailer 6.6.2 fixed in 7.0.7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45740	MEDIUM6.38	protobufjs 7.2.4 fixed in 7.5.8, 8.2.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-59343	MEDIUM6.38	tar-fs 3.0.4 fixed in 3.1.1, 2.1.4, 1.16.6	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1526	MEDIUM6.38	undici 5.28.3 fixed in 6.24.0, 7.24.0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-2229	MEDIUM6.38	undici 5.28.3 fixed in 6.24.0, 7.24.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-22036	MEDIUM6.38	undici 5.28.3 fixed in 7.18.2, 6.23.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-41907	MEDIUM6.38	uuid 8.3.2 fixed in 11.1.1, 12.0.1, 13.0.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41907	MEDIUM6.38	uuid 9.0.0 fixed in 11.1.1, 12.0.1, 13.0.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45736	MEDIUM6.38	ws 8.16.0 fixed in 8.20.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42033	MEDIUM6.29	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42035	MEDIUM6.29	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-13204	MEDIUM6.21	expr-eval 2.0.2 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-48387	MEDIUM6.21	tar-fs 3.0.4 fixed in 1.16.5, 2.1.3, 3.0.9	0.5% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18	0.4% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44495	MEDIUM5.95	axios 1.6.3 fixed in 1.15.2, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2024-50602	MEDIUM5.9	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.8	1.0% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-26461	MEDIUM5.9	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	5.6% Low-Moderate Risk	Directly Exposed
CVE-2026-9679	MEDIUM5.9	undici 5.28.3 fixed in 6.27.0, 7.28.0, 8.5.0	—	Directly Exposed
CVE-2024-37890	MEDIUM5.9	ws 8.16.0 fixed in 5.2.4, 6.2.3, 7.5.10, 8.17.1	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-45491	MEDIUM5.88	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-45492	MEDIUM5.88	libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7	1.4% Low-Moderate Risk	Directly Exposed
CVE-2025-22150	MEDIUM5.78	undici 5.28.3 fixed in 5.28.5, 6.21.1, 7.2.3	0.7% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM5.6	libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	2.9% Low-Moderate Risk	Directly Exposed
CVE-2026-24842	MEDIUM5.58	tar 6.1.15 fixed in 7.5.7	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-24528	MEDIUM5.52	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2025-24528	MEDIUM5.52	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42041	MEDIUM5.52	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.1 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33671	MEDIUM5.52	picomatch 2.3.1 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-1527	MEDIUM5.52	undici 5.28.3 fixed in 6.24.0, 7.24.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33532	MEDIUM5.52	yaml 1.10.2 fixed in 2.8.3, 1.10.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33532	MEDIUM5.52	yaml 2.3.4 fixed in 2.8.3, 1.10.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-7783	MEDIUM5.4	form-data 4.0.0 fixed in 2.5.4, 3.0.4, 4.0.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2024-33600	MEDIUM5.3	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-33600	MEDIUM5.3	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-12243	MEDIUM5.3	libgnutls30 3.6.13-2ubuntu1.11 fixed in 3.6.13-2ubuntu1.12	1.2% Low-Moderate Risk	Directly Exposed
CVE-2024-12133	MEDIUM5.3	libtasn1-6 4.16.0-2 fixed in 4.16.0-2ubuntu0.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-58754	MEDIUM5.3	axios 1.6.3 fixed in 1.12.0, 0.30.2	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-4067	MEDIUM5.3	micromatch 4.0.5 fixed in 4.0.8	1.4% Low-Moderate Risk	Directly Exposed
CVE-2026-42042	MEDIUM5.18	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.2% Theoretical Threat	Directly Exposed
CVE-2023-26159	MEDIUM5.18	follow-redirects 1.15.2 fixed in 1.15.4	0.8% Theoretical Threat	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 9.0.5 fixed in 10.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9	0.8% Theoretical Threat	Directly Exposed
CVE-2026-41324	MEDIUM5.02	basic-ftp 5.0.3 fixed in 5.3.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.1 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2024-2511	MEDIUM4.81	libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	54.0% Actively Exploited	Directly Exposed
CVE-2025-0395	MEDIUM4.67	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17	0.3% Theoretical Threat	Directly Exposed
CVE-2025-0395	MEDIUM4.67	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17	0.3% Theoretical Threat	Directly Exposed
CVE-2025-29088	MEDIUM4.67	libsqlite3-0 3.31.1-4ubuntu0.6 fixed in 3.31.1-4ubuntu0.7	0.2% Theoretical Threat	Directly Exposed
CVE-2024-53382	MEDIUM4.59	prismjs 1.27.0 fixed in 1.30.0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-37168	MEDIUM4.5	@grpc/grpc-js 1.8.17 fixed in 1.10.9, 1.9.15, 1.8.22	0.7% Theoretical Threat	Directly Exposed
CVE-2026-44288	MEDIUM4.5	@protobufjs/utf8 1.1.0 fixed in 1.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2025-27152	MEDIUM4.5	axios 1.6.3 fixed in 1.8.2, 0.30.0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-42034	MEDIUM4.5	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42036	MEDIUM4.5	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42037	MEDIUM4.5	axios 1.6.3 fixed in 1.15.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2739	MEDIUM4.5	bn.js 4.11.9 fixed in 4.12.3, 5.2.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-64718	MEDIUM4.5	js-yaml 3.14.1 fixed in 4.1.1, 3.14.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-64718	MEDIUM4.5	js-yaml 4.1.0 fixed in 4.1.1, 3.14.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-13465	MEDIUM4.5	lodash 4.17.21 fixed in 4.17.23	0.3% Theoretical Threat	Directly Exposed
CVE-2026-2950	MEDIUM4.5	lodash 4.17.21 fixed in 4.18.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-66030	MEDIUM4.5	node-forge 1.3.1 fixed in 1.3.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-45296	MEDIUM4.5	path-to-regexp 1.7.0 fixed in 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33672	MEDIUM4.5	picomatch 2.3.1 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44288	MEDIUM4.5	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-54798	MEDIUM4.5	tmp 0.0.33 fixed in 0.2.4	0.3% Theoretical Threat	Directly Exposed
CVE-2024-28863	MEDIUM4.42	tar 6.1.15 fixed in 6.2.1	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40175	MEDIUM4.08	axios 1.6.3 fixed in 1.15.0, 0.31.0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33916	MEDIUM4	handlebars 4.7.8 fixed in 4.7.9	0.2% Theoretical Threat	Directly Exposed
CVE-2024-33601	MEDIUM4	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-33601	MEDIUM4	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-21538	LOW3.74	cross-spawn 7.0.3 fixed in 7.0.5, 6.0.6	0.9% Theoretical Threat	Directly Exposed
CVE-2024-3596	LOW3.73	libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Post-Exploit
CVE-2024-3596	LOW3.73	libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Post-Exploit
CVE-2024-3596	LOW3.73	libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Post-Exploit
CVE-2024-3596	LOW3.73	libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8	14.9% High Exploitation Risk	Post-Exploit
CVE-2024-9143	LOW3.7	libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24	6.0% Low-Moderate Risk	Directly Exposed
CVE-2026-11525	LOW3.7	undici 5.28.3 fixed in 6.27.0, 7.28.0, 8.5.0	—	Directly Exposed
CVE-2026-6733	LOW3.7	undici 5.28.3 fixed in 6.27.0, 7.28.0, 8.5.0	—	Directly Exposed
CVE-2024-30260	LOW3.65	undici 5.28.3 fixed in 5.28.4, 6.11.1	0.7% Theoretical Threat	Directly Exposed
CVE-2026-26960	LOW3.62	tar 6.1.15 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2024-5535	LOW3.54	openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	5.6% Low-Moderate Risk	Directly Exposed
CVE-2026-4800	LOW3.53	lodash 4.17.21 fixed in 4.18.0	1.0% Low-Moderate Risk	Post-Exploit
CVE-2024-33602	LOW3.4	libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	0.4% Theoretical Threat	Directly Exposed
CVE-2024-33602	LOW3.4	libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3449	LOW3.4	@tootallnate/once 2.0.0 fixed in 3.0.1, 2.0.1	0.1% Theoretical Threat	Directly Exposed
CVE-2026-29786	LOW3.21	tar 6.1.15 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2024-47764	LOW3.15	cookie 0.6.0 fixed in 0.7.0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-23745	LOW3.11	tar 6.1.15 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW3.01	tar 6.1.15 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1525	LOW3	undici 5.28.3 fixed in 6.24.0, 7.24.0	0.5% Theoretical Threat	Post-Exploit
CVE-2024-30261	LOW2.98	undici 5.28.3 fixed in 5.28.4, 6.11.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-2511	LOW2.89	openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	54.0% Actively Exploited	Post-Exploit
CVE-2026-31802	LOW2.8	tar 6.1.15 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-7264	LOW2.69	curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23	16.2% High Exploitation Risk	Post-Exploit
CVE-2024-7264	LOW2.69	libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23	16.2% High Exploitation Risk	Post-Exploit
CVE-2025-5889	LOW2.63	brace-expansion 1.1.11 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-5889	LOW2.63	brace-expansion 2.0.1 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47279	LOW2.63	undici 5.28.3 fixed in 5.29.0, 6.21.2, 7.5.0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-13176	LOW2.4	openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24	0.6% Theoretical Threat	Post-Exploit
CVE-2024-9143	LOW2.22	openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24	6.0% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW2.12	curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW2.12	libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23	2.9% Low-Moderate Risk	Post-Exploit
CVE-2024-8096	LOW1.99	curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24	0.7% Theoretical Threat	Post-Exploit
CVE-2024-8096	LOW1.99	libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24	0.7% Theoretical Threat	Post-Exploit
CVE-2025-30258	NONE0	gpgv 2.2.19-3ubuntu2.2 fixed in 2.2.19-3ubuntu2.4	0.2% Theoretical Threat	Not Applicable
CVE-2025-27789	NONE0	@babel/runtime 7.24.0 fixed in 7.26.10, 8.0.0-alpha.17	0.5% Theoretical Threat	Not Applicable
CVE-2026-48068	NONE0	@grpc/grpc-js 1.8.17 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4	—	Not Applicable
CVE-2026-48069	NONE0	@grpc/grpc-js 1.8.17 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4	—	Not Applicable
CVE-2026-44974	NONE0	@hapi/content 5.0.2 fixed in 6.0.2	—	Not Applicable
CVE-2026-48049	NONE0	@hapi/inert 6.0.4 fixed in 7.1.1	—	Not Applicable
CVE-2026-44979	NONE0	@hapi/wreck 17.1.0 fixed in 18.1.1	—	Not Applicable
CVE-2026-48022	NONE0	@hapi/wreck 17.1.0 fixed in 18.1.2	—	Not Applicable
CVE-2026-54285	NONE0	@opentelemetry/core 1.15.0 fixed in 2.8.0	—	Not Applicable
CVE-2026-54285	NONE0	@opentelemetry/core 1.5.0 fixed in 2.8.0	—	Not Applicable
CVE-2026-54285	NONE0	@opentelemetry/core 1.8.0 fixed in 2.8.0	—	Not Applicable
CVE-2026-44902	NONE0	@opentelemetry/exporter-prometheus 0.31.0 fixed in 0.217.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-42040	NONE0	axios 1.6.3 fixed in 1.15.1, 0.31.1	0.2% Theoretical Threat	Not Applicable
CVE-2026-44240	NONE0	basic-ftp 5.0.3 fixed in 5.3.1	0.5% Theoretical Threat	Not Applicable
GHSA-6v7q-wjvx-w8wg	NONE0	basic-ftp 5.0.3 fixed in 5.2.2	—	Not Applicable
GHSA-36jr-mh4h-2g58	NONE0	d3-color 2.0.0 fixed in 3.1.0	—	Not Applicable
GHSA-r4q5-vmmm-2653	NONE0	follow-redirects 1.15.2 fixed in 1.16.0	—	Not Applicable
CVE-2026-12143	NONE0	form-data 4.0.0 fixed in 2.5.6, 3.0.5, 4.0.6	0.3% Theoretical Threat	Not Applicable
GHSA-7rx3-28cr-v5wh	NONE0	handlebars 4.7.8 fixed in 4.7.9	—	Not Applicable
GHSA-442j-39wm-28r2	NONE0	handlebars 4.7.8 fixed in 4.7.9	—	Not Applicable
CVE-2026-48038	NONE0	joi 17.7.1 fixed in 18.2.1, 17.13.4	—	Not Applicable
CVE-2026-46625	NONE0	js-cookie 2.2.1 fixed in 3.0.7	0.4% Theoretical Threat	Not Applicable
CVE-2026-53550	NONE0	js-yaml 3.14.1 fixed in 4.2.0	—	Not Applicable
CVE-2026-53550	NONE0	js-yaml 4.1.0 fixed in 4.2.0	—	Not Applicable
CVE-2026-45134	NONE0	langsmith 0.0.48 fixed in 0.6.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-40190	NONE0	langsmith 0.0.48 fixed in 0.5.18	0.2% Theoretical Threat	Not Applicable
CVE-2026-41182	NONE0	langsmith 0.0.48 fixed in 0.5.19	0.2% Theoretical Threat	Not Applicable
CVE-2026-48988	NONE0	markdown-it 12.3.2 fixed in 14.2.0	—	Not Applicable
GHSA-p6gq-j5cr-w38f	NONE0	nodemailer 6.6.2 fixed in 9.0.1	—	Not Applicable
GHSA-268h-hp4c-crq3	NONE0	nodemailer 6.6.2 fixed in 8.0.9	—	Not Applicable
GHSA-9h6g-pr28-7cqp	NONE0	nodemailer 6.6.2 fixed in 6.9.9	—	Not Applicable
GHSA-r7g4-qg5f-qqm2	NONE0	nodemailer 6.6.2 fixed in 8.0.8	—	Not Applicable
GHSA-vvjj-xcjg-gr5g	NONE0	nodemailer 6.6.2 fixed in 8.0.5	—	Not Applicable
GHSA-wqvq-jvpq-h66f	NONE0	nodemailer 6.6.2 fixed in 8.0.9	—	Not Applicable
GHSA-c7w3-x93f-qmm8	NONE0	nodemailer 6.6.2 fixed in 8.0.4	—	Not Applicable
CVE-2025-47934	NONE0	openpgp 5.10.1 fixed in 5.11.3, 6.1.1	0.6% Theoretical Threat	Not Applicable
CVE-2026-44289	NONE0	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-44290	NONE0	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-44291	NONE0	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-48712	NONE0	protobufjs 7.2.4 fixed in 7.6.1, 8.4.1	—	Not Applicable
CVE-2026-44292	NONE0	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.2% Theoretical Threat	Not Applicable
CVE-2026-44294	NONE0	protobufjs 7.2.4 fixed in 7.5.6, 8.0.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-54269	NONE0	protobufjs 7.2.4 fixed in 7.6.3, 8.6.0	—	Not Applicable
CVE-2026-53655	NONE0	tar 6.1.15 fixed in 7.5.16	—	Not Applicable
CVE-2026-48779	NONE0	ws 8.16.0 fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0	—	Not Applicable