Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit multiple critical vulnerabilities to achieve remote code execution, perform prototype pollution attacks, compromise certificate validation, or execute arbitrary JavaScript via malicious PDFs, potentially gaining full control over the Kibana instance and accessing sensitive data. The image contains 191 exposed vulnerabilities, with 28 rated high or critical severity, including CVE-2026-27699 and CVE-2024-4367. No compensating controls are available to fully mitigate these risks.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-27699 | HIGH8.33 | basic-ftp 5.0.3 fixed in 5.2.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-40190 | HIGH8.33 | langsmith 0.0.48 fixed in 0.5.18 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41242 | HIGH8.33 | protobufjs 7.2.4 fixed in 8.0.1, 7.5.5 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-1525 | HIGH8.33 | undici 5.28.4 fixed in 6.24.0, 7.24.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-4367 | HIGH8 | pdfjs-dist 2.13.216 fixed in 4.2.67 | 72.6% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42264 | HIGH7.73 | axios 1.6.3 fixed in 1.15.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42044 | HIGH7.73 | axios 1.6.3 fixed in 1.15.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-68665 | HIGH7.73 | langchain 0.0.186 fixed in 1.2.3, 0.3.37 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-7774 | HIGH7.73 | langchain 0.0.186 fixed in 0.2.19 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33896 | HIGH7.73 | node-forge 1.3.1 fixed in 1.4.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-33599 | HIGH7.6 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33599 | HIGH7.6 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-45490 | HIGH7.5 | libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2026-48068 | HIGH7.5 | @grpc/grpc-js 1.8.17 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 | — | Directly Exposed |
| CVE-2026-48069 | HIGH7.5 | @grpc/grpc-js 1.8.17 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 | — | Directly Exposed |
| CVE-2024-39338 | HIGH7.5 | axios 1.6.3 fixed in 1.7.4 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-25639 | HIGH7.5 | axios 1.6.3 fixed in 1.13.5, 0.30.3 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4068 | HIGH7.5 | braces 3.0.2 fixed in 3.0.3 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2025-64756 | HIGH7.5 | glob 10.3.10 fixed in 11.1.0, 10.5.0 | 3.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12905 | HIGH7.5 | tar-fs 3.0.4 fixed in 1.16.4, 2.1.2, 3.0.7 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-1526 | HIGH7.5 | undici 5.28.4 fixed in 6.24.0, 7.24.0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-44293 | HIGH7.48 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-27363 | HIGH7.45 | libfreetype6 2.10.1-2ubuntu0.3 fixed in 2.10.1-2ubuntu0.4 | 26.0% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2025-12816 | HIGH7.39 | node-forge 1.3.1 fixed in 1.3.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37371 | HIGH7.28 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-37371 | HIGH7.28 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44490 | MEDIUM6.97 | axios 1.6.3 fixed in 1.16.0, 0.32.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-33941 | MEDIUM6.97 | handlebars 4.7.8 fixed in 4.7.9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44705 | MEDIUM6.97 | tmp 0.0.33 fixed in 0.2.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33938 | MEDIUM6.88 | handlebars 4.7.8 fixed in 4.7.9 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-33940 | MEDIUM6.88 | handlebars 4.7.8 fixed in 4.7.9 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-44291 | MEDIUM6.88 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-28849 | MEDIUM6.5 | follow-redirects 1.15.2 fixed in 1.15.6 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-37370 | MEDIUM6.38 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.6 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-35213 | MEDIUM6.38 | @hapi/content 5.0.2 fixed in 6.0.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44902 | MEDIUM6.38 | @opentelemetry/exporter-prometheus 0.31.0 fixed in 0.217.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-69873 | MEDIUM6.38 | ajv 8.12.0 fixed in 8.18.0, 6.14.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44486 | MEDIUM6.38 | axios 1.6.3 fixed in 1.16.0, 0.32.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44487 | MEDIUM6.38 | axios 1.6.3 fixed in 1.16.0, 0.32.0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-44496 | MEDIUM6.38 | axios 1.6.3 fixed in 1.16.0, 0.32.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42038 | MEDIUM6.38 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42039 | MEDIUM6.38 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-33750 | MEDIUM6.38 | brace-expansion 1.1.11 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33750 | MEDIUM6.38 | brace-expansion 2.0.1 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-12143 | MEDIUM6.38 | form-data 4.0.0 fixed in 2.5.6, 3.0.5, 4.0.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33939 | MEDIUM6.38 | handlebars 4.7.8 fixed in 4.7.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-46625 | MEDIUM6.38 | js-cookie 2.2.1 fixed in 3.0.7 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-65945 | MEDIUM6.38 | jws 3.2.2 fixed in 3.2.3, 4.0.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-26996 | MEDIUM6.38 | minimatch 3.1.2 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-26996 | MEDIUM6.38 | minimatch 9.0.1 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66031 | MEDIUM6.38 | node-forge 1.3.1 fixed in 1.3.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33891 | MEDIUM6.38 | node-forge 1.3.1 fixed in 1.4.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33894 | MEDIUM6.38 | node-forge 1.3.1 fixed in 1.4.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-33895 | MEDIUM6.38 | node-forge 1.3.1 fixed in 1.4.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-14874 | MEDIUM6.38 | nodemailer 6.9.9 fixed in 7.0.11 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-13033 | MEDIUM6.38 | nodemailer 6.9.9 fixed in 7.0.7 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44289 | MEDIUM6.38 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-44290 | MEDIUM6.38 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-48712 | MEDIUM6.38 | protobufjs 7.2.4 fixed in 7.6.1, 8.4.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44292 | MEDIUM6.38 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45740 | MEDIUM6.38 | protobufjs 7.2.4 fixed in 7.5.8, 8.2.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-59343 | MEDIUM6.38 | tar-fs 3.0.4 fixed in 3.1.1, 2.1.4, 1.16.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-12151 | MEDIUM6.38 | undici 5.28.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-2229 | MEDIUM6.38 | undici 5.28.4 fixed in 6.24.0, 7.24.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-22036 | MEDIUM6.38 | undici 5.28.4 fixed in 7.18.2, 6.23.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 8.3.2 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 9.0.0 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-48779 | MEDIUM6.38 | ws 8.16.0 fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-45736 | MEDIUM6.38 | ws 8.16.0 fixed in 8.20.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42033 | MEDIUM6.29 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42035 | MEDIUM6.29 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-13204 | MEDIUM6.21 | expr-eval 2.0.2 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-48387 | MEDIUM6.21 | tar-fs 3.0.4 fixed in 1.16.5, 2.1.3, 3.0.9 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-4802 | MEDIUM5.95 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.18 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-44495 | MEDIUM5.95 | axios 1.6.3 fixed in 1.15.2, 0.31.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-50602 | MEDIUM5.9 | libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.8 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-26461 | MEDIUM5.9 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM5.9 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2024-37890 | MEDIUM5.9 | ws 8.16.0 fixed in 5.2.4, 6.2.3, 7.5.10, 8.17.1 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2025-22150 | MEDIUM5.78 | undici 5.28.4 fixed in 5.28.5, 6.21.1, 7.2.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-4741 | MEDIUM5.6 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-24528 | MEDIUM5.52 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42041 | MEDIUM5.52 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-27904 | MEDIUM5.52 | minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27904 | MEDIUM5.52 | minimatch 9.0.1 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33671 | MEDIUM5.52 | picomatch 2.3.1 fixed in 4.0.4, 3.0.2, 2.3.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-1527 | MEDIUM5.52 | undici 5.28.4 fixed in 6.24.0, 7.24.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-33532 | MEDIUM5.52 | yaml 1.10.2 fixed in 2.8.3, 1.10.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33532 | MEDIUM5.52 | yaml 2.3.4 fixed in 2.8.3, 1.10.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-7783 | MEDIUM5.4 | form-data 4.0.0 fixed in 2.5.4, 3.0.4, 4.0.4 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33600 | MEDIUM5.3 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33600 | MEDIUM5.3 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12243 | MEDIUM5.3 | libgnutls30 3.6.13-2ubuntu1.11 fixed in 3.6.13-2ubuntu1.12 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-12133 | MEDIUM5.3 | libtasn1-6 4.16.0-2 fixed in 4.16.0-2ubuntu0.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-58754 | MEDIUM5.3 | axios 1.6.3 fixed in 1.12.0, 0.30.2 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-48038 | MEDIUM5.3 | joi 17.7.1 fixed in 18.2.1, 17.13.4 | — | Directly Exposed |
| CVE-2025-13465 | MEDIUM5.3 | lodash 4.17.21 fixed in 4.17.23 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4067 | MEDIUM5.3 | micromatch 4.0.5 fixed in 4.0.8 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2026-42042 | MEDIUM5.18 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-26159 | MEDIUM5.18 | follow-redirects 1.15.2 fixed in 1.15.4 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42338 | MEDIUM5.18 | ip-address 9.0.5 fixed in 10.1.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-3576 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.11 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-26458 | MEDIUM5.02 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.9 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-41324 | MEDIUM5.02 | basic-ftp 5.0.3 fixed in 5.3.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27903 | MEDIUM5.02 | minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27903 | MEDIUM5.02 | minimatch 9.0.1 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-9679 | MEDIUM5.02 | undici 5.28.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-2511 | MEDIUM4.81 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 54.0% Actively Exploited | Directly Exposed |
| CVE-2026-40175 | MEDIUM4.8 | axios 1.6.3 fixed in 1.15.0, 0.31.0 | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-0395 | MEDIUM4.67 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.17 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-29088 | MEDIUM4.67 | libsqlite3-0 3.31.1-4ubuntu0.6 fixed in 3.31.1-4ubuntu0.7 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-53382 | MEDIUM4.59 | prismjs 1.27.0 fixed in 1.30.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-37168 | MEDIUM4.5 | @grpc/grpc-js 1.8.17 fixed in 1.10.9, 1.9.15, 1.8.22 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-54285 | MEDIUM4.5 | @opentelemetry/core 1.15.0 fixed in 2.8.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54285 | MEDIUM4.5 | @opentelemetry/core 1.5.0 fixed in 2.8.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54285 | MEDIUM4.5 | @opentelemetry/core 1.8.0 fixed in 2.8.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44288 | MEDIUM4.5 | @protobufjs/utf8 1.1.0 fixed in 1.1.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-27152 | MEDIUM4.5 | axios 1.6.3 fixed in 1.8.2, 0.30.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42034 | MEDIUM4.5 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42036 | MEDIUM4.5 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42037 | MEDIUM4.5 | axios 1.6.3 fixed in 1.15.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-2739 | MEDIUM4.5 | bn.js 4.11.9 fixed in 4.12.3, 5.2.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-64718 | MEDIUM4.5 | js-yaml 3.14.1 fixed in 4.1.1, 3.14.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-53550 | MEDIUM4.5 | js-yaml 3.14.1 fixed in 4.2.0, 3.15.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-64718 | MEDIUM4.5 | js-yaml 4.1.0 fixed in 4.1.1, 3.14.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-53550 | MEDIUM4.5 | js-yaml 4.1.0 fixed in 4.2.0, 3.15.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2950 | MEDIUM4.5 | lodash 4.17.21 fixed in 4.18.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-66030 | MEDIUM4.5 | node-forge 1.3.1 fixed in 1.3.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-45296 | MEDIUM4.5 | path-to-regexp 1.7.0 fixed in 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33672 | MEDIUM4.5 | picomatch 2.3.1 fixed in 4.0.4, 3.0.2, 2.3.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44288 | MEDIUM4.5 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44294 | MEDIUM4.5 | protobufjs 7.2.4 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-54269 | MEDIUM4.5 | protobufjs 7.2.4 fixed in 7.6.3, 8.6.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-54798 | MEDIUM4.5 | tmp 0.0.33 fixed in 0.2.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33916 | MEDIUM4 | handlebars 4.7.8 fixed in 4.7.9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-33601 | MEDIUM4 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-33601 | MEDIUM4 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-21538 | LOW3.74 | cross-spawn 7.0.3 fixed in 7.0.5, 6.0.6 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-3596 | LOW3.73 | libgssapi-krb5-2 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libk5crypto3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libkrb5-3 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-3596 | LOW3.73 | libkrb5support0 1.17-6ubuntu4.4 fixed in 1.17-6ubuntu4.8 | 14.9% High Exploitation Risk | Post-Exploit |
| CVE-2024-9143 | LOW3.7 | libssl1.1 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-26960 | LOW3.62 | tar 6.2.1 fixed in 7.5.8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-62718 | LOW3.56 | axios 1.6.3 fixed in 1.15.0, 0.31.0 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2024-45491 | LOW3.53 | libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2024-45492 | LOW3.53 | libexpat1 2.2.9-1ubuntu0.6 fixed in 2.2.9-1ubuntu0.7 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-12735 | LOW3.53 | expr-eval 2.0.2 No fix yet | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-33937 | LOW3.53 | handlebars 4.7.8 fixed in 4.7.9 | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2024-29415 | LOW3.53 | ip 1.1.9 No fix yet | 8.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-4800 | LOW3.53 | lodash 4.17.21 fixed in 4.18.0 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2023-36665 | LOW3.53 | protobufjs 7.2.4 fixed in 7.2.5, 6.11.4 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2024-33602 | LOW3.4 | libc-bin 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-33602 | LOW3.4 | libc6 2.31-0ubuntu9.15 fixed in 2.31-0ubuntu9.16 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-3449 | LOW3.4 | @tootallnate/once 2.0.0 fixed in 3.0.1, 2.0.1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-29786 | LOW3.21 | tar 6.2.1 fixed in 7.5.10 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42040 | LOW3.15 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-47764 | LOW3.15 | cookie 0.6.0 fixed in 0.7.0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-11525 | LOW3.15 | undici 5.28.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6733 | LOW3.15 | undici 5.28.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44494 | LOW3.13 | axios 1.6.3 fixed in 1.16.0 | 1.0% Low-Moderate Risk | Post-Exploit |
| CVE-2026-23745 | LOW3.11 | tar 6.2.1 fixed in 7.5.3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42043 | LOW3.06 | axios 1.6.3 fixed in 1.15.1, 0.31.1 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2024-2511 | LOW2.89 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 54.0% Actively Exploited | Post-Exploit |
| CVE-2026-31802 | LOW2.8 | tar 6.2.1 fixed in 7.5.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-53655 | LOW2.8 | tar 6.2.1 fixed in 7.5.16 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23 | 17.3% High Exploitation Risk | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.23 | 17.3% High Exploitation Risk | Post-Exploit |
| CVE-2025-5889 | LOW2.63 | brace-expansion 1.1.11 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-5889 | LOW2.63 | brace-expansion 2.0.1 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-47279 | LOW2.63 | undici 5.28.4 fixed in 5.29.0, 6.21.2, 7.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-24842 | LOW2.51 | tar 6.2.1 fixed in 7.5.7 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-30258 | LOW2.4 | gpgv 2.2.19-3ubuntu2.2 fixed in 2.2.19-3ubuntu2.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-13176 | LOW2.4 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2024-9143 | LOW2.22 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.24 | 6.0% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW2.12 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW2.12 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.25 | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-5535 | LOW2.12 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 5.6% Low-Moderate Risk | Post-Exploit |
| CVE-2024-4741 | LOW2.02 | openssl 1.1.1f-1ubuntu2.22 fixed in 1.1.1f-1ubuntu2.23 | 2.9% Low-Moderate Risk | Post-Exploit |
| CVE-2024-8096 | LOW1.99 | curl 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2024-8096 | LOW1.99 | libcurl4 7.68.0-1ubuntu2.22 fixed in 7.68.0-1ubuntu2.24 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-23950 | LOW1.81 | tar 6.2.1 fixed in 7.5.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-27789 | NONE0 | @babel/runtime 7.24.0 fixed in 7.26.10, 8.0.0-alpha.17 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-44974 | NONE0 | @hapi/content 5.0.2 fixed in 6.0.2 | — | Not Applicable |
| CVE-2026-48049 | NONE0 | @hapi/inert 6.0.4 fixed in 7.1.1 | — | Not Applicable |
| CVE-2026-44979 | NONE0 | @hapi/wreck 17.1.0 fixed in 18.1.1 | — | Not Applicable |
| CVE-2026-48022 | NONE0 | @hapi/wreck 17.1.0 fixed in 18.1.2 | — | Not Applicable |
| CVE-2026-44240 | NONE0 | basic-ftp 5.0.3 fixed in 5.3.1 | 0.5% Theoretical Threat | Not Applicable |
| GHSA-6v7q-wjvx-w8wg | NONE0 | basic-ftp 5.0.3 fixed in 5.2.2 | — | Not Applicable |
| GHSA-36jr-mh4h-2g58 | NONE0 | d3-color 2.0.0 fixed in 3.1.0 | — | Not Applicable |
| GHSA-r4q5-vmmm-2653 | NONE0 | follow-redirects 1.15.2 fixed in 1.16.0 | — | Not Applicable |
| GHSA-7rx3-28cr-v5wh | NONE0 | handlebars 4.7.8 fixed in 4.7.9 | — | Not Applicable |
| GHSA-442j-39wm-28r2 | NONE0 | handlebars 4.7.8 fixed in 4.7.9 | — | Not Applicable |
| CVE-2026-45134 | NONE0 | langsmith 0.0.48 fixed in 0.6.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-41182 | NONE0 | langsmith 0.0.48 fixed in 0.5.19 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-48801 | NONE0 | linkify-it 3.0.2 fixed in 5.0.1 | — | Not Applicable |
| CVE-2026-48988 | NONE0 | markdown-it 12.3.2 fixed in 14.2.0 | 0.3% Theoretical Threat | Not Applicable |
| GHSA-p6gq-j5cr-w38f | NONE0 | nodemailer 6.9.9 fixed in 9.0.1 | — | Not Applicable |
| GHSA-268h-hp4c-crq3 | NONE0 | nodemailer 6.9.9 fixed in 8.0.9 | — | Not Applicable |
| GHSA-r7g4-qg5f-qqm2 | NONE0 | nodemailer 6.9.9 fixed in 8.0.8 | — | Not Applicable |
| GHSA-vvjj-xcjg-gr5g | NONE0 | nodemailer 6.9.9 fixed in 8.0.5 | — | Not Applicable |
| GHSA-wqvq-jvpq-h66f | NONE0 | nodemailer 6.9.9 fixed in 8.0.9 | — | Not Applicable |
| GHSA-c7w3-x93f-qmm8 | NONE0 | nodemailer 6.9.9 fixed in 8.0.4 | — | Not Applicable |
| CVE-2025-47934 | NONE0 | openpgp 5.10.1 fixed in 5.11.3, 6.1.1 | 0.6% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.