Vulnerability Reportkibana:8.17.4

kibana:8.17.4
DIGESTsha256:5136f9e47e9f4fa2ff9e43064a7b174ddf013a85d4286448e51bfd8393a6b820

Executive Summary

Last scanned:

Threat Score
95/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit vulnerabilities in axios, expr-eval, and Handlebars to achieve remote code execution or perform server-side request forgery, potentially compromising internal services and data. Note that some vulnerabilities (e.g., CVE-2026-33937) require non-default conditions such as attacker-controlled AST objects, but the overall risk is still unacceptable.

Vulnerabilities

Vulnerability Log

174 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-62718HIGH7.92
axios
1.8.2
fixed in 1.15.0, 0.31.0
1.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-12735HIGH7.84
expr-eval
2.0.2
No fix yet
2.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33937HIGH7.84
handlebars
4.7.8
fixed in 4.7.9
1.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-4800HIGH7.84
lodash
4.17.21
fixed in 4.18.0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-48069HIGH7.5
@grpc/grpc-js
1.8.22
fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4
Directly Exposed
CVE-2026-44293HIGH7.48
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-12816HIGH7.39
node-forge
1.3.1
fixed in 1.3.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44490MEDIUM6.97
axios
1.8.2
fixed in 1.16.0, 0.32.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33941MEDIUM6.97
handlebars
4.7.8
fixed in 4.7.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44705MEDIUM6.97
tmp
0.0.33
fixed in 0.2.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44494MEDIUM6.96
axios
1.8.2
fixed in 1.16.0
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33938MEDIUM6.88
handlebars
4.7.8
fixed in 4.7.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-33940MEDIUM6.88
handlebars
4.7.8
fixed in 4.7.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44291MEDIUM6.88
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42043MEDIUM6.8
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-1525MEDIUM6.66
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-35213MEDIUM6.38
@hapi/content
6.0.0
fixed in 6.0.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44902MEDIUM6.38
@opentelemetry/exporter-prometheus
0.31.0
fixed in 0.217.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-69873MEDIUM6.38
ajv
8.17.1
fixed in 8.18.0, 6.14.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44486MEDIUM6.38
axios
1.8.2
fixed in 1.16.0, 0.32.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44487MEDIUM6.38
axios
1.8.2
fixed in 1.16.0, 0.32.0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44488MEDIUM6.38
axios
1.8.2
fixed in 1.16.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44496MEDIUM6.38
axios
1.8.2
fixed in 1.16.0, 0.32.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42038MEDIUM6.38
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42039MEDIUM6.38
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM6.38
brace-expansion
1.1.11
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM6.38
brace-expansion
2.0.1
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6321MEDIUM6.38
fast-uri
3.0.3
fixed in 3.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-6322MEDIUM6.38
fast-uri
3.0.3
fixed in 3.1.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26278MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 4.5.4, 5.3.6
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33036MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.5.6, 4.5.5
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27942MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.3.8, 4.5.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-12143MEDIUM6.38
form-data
4.0.0
fixed in 2.5.6, 3.0.5, 4.0.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33939MEDIUM6.38
handlebars
4.7.8
fixed in 4.7.9
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-46625MEDIUM6.38
js-cookie
2.2.1
fixed in 3.0.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-65945MEDIUM6.38
jws
3.2.2
fixed in 3.2.3, 4.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-65945MEDIUM6.38
jws
4.0.0
fixed in 3.2.3, 4.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2327MEDIUM6.38
markdown-it
14.1.0
fixed in 14.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
3.1.2
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
5.1.6
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
9.0.5
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-66031MEDIUM6.38
node-forge
1.3.1
fixed in 1.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33891MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33894MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33895MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-14874MEDIUM6.38
nodemailer
6.9.15
fixed in 7.0.11
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-13033MEDIUM6.38
nodemailer
6.9.15
fixed in 7.0.7
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44289MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44290MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-48712MEDIUM6.38
protobufjs
7.2.5
fixed in 7.6.1, 8.4.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44292MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-45740MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.8, 8.2.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-59343MEDIUM6.38
tar-fs
3.0.6
fixed in 3.1.1, 2.1.4, 1.16.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-12151MEDIUM6.38
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-1528MEDIUM6.38
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-2229MEDIUM6.38
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-22036MEDIUM6.38
undici
6.19.2
fixed in 7.18.2, 6.23.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
10.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
8.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
9.0.1
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-48779MEDIUM6.38
ws
8.18.0
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45736MEDIUM6.38
ws
8.18.0
fixed in 8.20.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27795MEDIUM6.29
@langchain/community
0.3.14
fixed in 1.1.18
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42033MEDIUM6.29
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42035MEDIUM6.29
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-13204MEDIUM6.21
expr-eval
2.0.2
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-48387MEDIUM6.21
tar-fs
3.0.6
fixed in 1.16.5, 2.1.3, 3.0.9
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42264MEDIUM6.18
axios
1.8.2
fixed in 1.15.2
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42044MEDIUM6.18
axios
1.8.2
fixed in 1.15.2
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33896MEDIUM6.18
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-25896MEDIUM6.03
fast-xml-parser
4.4.1
fixed in 5.3.5, 4.5.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-12905MEDIUM6
tar-fs
3.0.6
fixed in 1.16.4, 2.1.2, 3.0.7
2.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-1526MEDIUM6
undici
6.19.2
fixed in 6.24.0, 7.24.0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-4802MEDIUM5.95
libc-bin
2.31-0ubuntu9.17
fixed in 2.31-0ubuntu9.18
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-4802MEDIUM5.95
libc6
2.31-0ubuntu9.17
fixed in 2.31-0ubuntu9.18
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44495MEDIUM5.95
axios
1.8.2
fixed in 1.15.2, 0.31.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22150MEDIUM5.78
undici
6.19.2
fixed in 5.28.5, 6.21.1, 7.2.3
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42041MEDIUM5.52
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
5.1.6
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
9.0.5
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-55565MEDIUM5.52
nanoid
3.3.6
fixed in 5.0.9, 3.3.8
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-33671MEDIUM5.52
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-1527MEDIUM5.52
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
1.10.2
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
2.3.4
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
2.5.1
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-7783MEDIUM5.4
form-data
4.0.0
fixed in 2.5.4, 3.0.4, 4.0.4
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-58754MEDIUM5.3
axios
1.8.2
fixed in 1.12.0, 0.30.2
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-48038MEDIUM5.3
joi
17.13.3
fixed in 18.2.1, 17.13.4
Directly Exposed
CVE-2025-13465MEDIUM5.3
lodash
4.17.21
fixed in 4.17.23
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2026-42042MEDIUM5.18
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42338MEDIUM5.18
ip-address
9.0.5
fixed in 10.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libgssapi-krb5-2
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libk5crypto3
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libkrb5-3
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libkrb5support0
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41324MEDIUM5.02
basic-ftp
5.0.3
fixed in 5.3.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33349MEDIUM5.02
fast-xml-parser
4.4.1
fixed in 4.5.5, 5.5.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
5.1.6
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
9.0.5
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-9679MEDIUM5.02
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41242MEDIUM5
protobufjs
7.2.5
fixed in 8.0.1, 7.5.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-40175MEDIUM4.8
axios
1.8.2
fixed in 1.15.0, 0.31.0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2025-29088MEDIUM4.67
libsqlite3-0
3.31.1-4ubuntu0.6
fixed in 3.31.1-4ubuntu0.7
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41650MEDIUM4.59
fast-xml-parser
4.4.1
fixed in 5.7.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-53382MEDIUM4.59
prismjs
1.27.0
fixed in 1.30.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-25639MEDIUM4.5
axios
1.8.2
fixed in 1.13.5, 0.30.3
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.15.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.24.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.5.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.8.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-44288MEDIUM4.5
@protobufjs/utf8
1.1.0
fixed in 1.1.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-48985MEDIUM4.5
ai
2.2.37
fixed in 5.0.52, 5.1.0-beta.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42034MEDIUM4.5
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42036MEDIUM4.5
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42037MEDIUM4.5
axios
1.8.2
fixed in 1.15.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2739MEDIUM4.5
bn.js
4.11.9
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-64718MEDIUM4.5
js-yaml
3.14.1
fixed in 4.1.1, 3.14.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
3.14.1
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-64718MEDIUM4.5
js-yaml
4.1.0
fixed in 4.1.1, 3.14.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
4.1.0
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-2950MEDIUM4.5
lodash
4.17.21
fixed in 4.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-66030MEDIUM4.5
node-forge
1.3.1
fixed in 1.3.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33672MEDIUM4.5
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44288MEDIUM4.5
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44294MEDIUM4.5
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-54269MEDIUM4.5
protobufjs
7.2.5
fixed in 7.6.3, 8.6.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-54798MEDIUM4.5
tmp
0.0.33
fixed in 0.2.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33916MEDIUM4
handlebars
4.7.8
fixed in 4.7.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-26960LOW3.62
tar
7.4.3
fixed in 7.5.8
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-26019LOW3.48
@langchain/community
0.3.14
fixed in 1.1.14
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-3449LOW3.4
@tootallnate/once
2.0.0
fixed in 3.0.1, 2.0.1
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-29786LOW3.21
tar
7.4.3
fixed in 7.5.10
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42040LOW3.15
axios
1.8.2
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-11525LOW3.15
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6733LOW3.15
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-23745LOW3.11
tar
7.4.3
fixed in 7.5.3
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-27699LOW3
basic-ftp
5.0.3
fixed in 5.2.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-40190LOW3
langsmith
0.2.3
fixed in 0.5.18
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-31802LOW2.8
tar
7.4.3
fixed in 7.5.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-53655LOW2.8
tar
7.4.3
fixed in 7.5.16
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-68665LOW2.78
@langchain/core
0.3.16
fixed in 1.1.8, 0.3.80
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-68665LOW2.78
langchain
0.3.5
fixed in 1.2.3, 0.3.37
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-48068LOW2.7
@grpc/grpc-js
1.8.22
fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4
Post-Exploit
CVE-2025-64756LOW2.7
glob
10.4.5
fixed in 11.1.0, 10.5.0
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-5889LOW2.63
brace-expansion
1.1.11
fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-5889LOW2.63
brace-expansion
2.0.1
fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-47279LOW2.63
undici
6.19.2
fixed in 5.29.0, 6.21.2, 7.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-24842LOW2.51
tar
7.4.3
fixed in 7.5.7
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-23950LOW1.81
tar
7.4.3
fixed in 7.5.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-27789NONE0
@babel/runtime
7.25.0
fixed in 7.26.10, 8.0.0-alpha.17
0.5%
Theoretical Threat
Not Applicable
CVE-2026-44974NONE0
@hapi/content
6.0.0
fixed in 6.0.2
Not Applicable
CVE-2026-48049NONE0
@hapi/inert
7.1.0
fixed in 7.1.1
Not Applicable
CVE-2026-44979NONE0
@hapi/wreck
18.1.0
fixed in 18.1.1
Not Applicable
CVE-2026-48022NONE0
@hapi/wreck
18.1.0
fixed in 18.1.2
Not Applicable
GHSA-6475-r3vj-m8vfNONE0
@smithy/config-resolver
3.0.10
fixed in 4.4.0
Not Applicable
CVE-2026-44240NONE0
basic-ftp
5.0.3
fixed in 5.3.1
0.5%
Theoretical Threat
Not Applicable
GHSA-6v7q-wjvx-w8wgNONE0
basic-ftp
5.0.3
fixed in 5.2.2
Not Applicable
GHSA-r4q5-vmmm-2653NONE0
follow-redirects
1.15.6
fixed in 1.16.0
Not Applicable
GHSA-7rx3-28cr-v5whNONE0
handlebars
4.7.8
fixed in 4.7.9
Not Applicable
GHSA-442j-39wm-28r2NONE0
handlebars
4.7.8
fixed in 4.7.9
Not Applicable
CVE-2026-45134NONE0
langsmith
0.2.3
fixed in 0.6.0
0.2%
Theoretical Threat
Not Applicable
CVE-2026-41182NONE0
langsmith
0.2.3
fixed in 0.5.19
0.2%
Theoretical Threat
Not Applicable
CVE-2026-48801NONE0
linkify-it
5.0.0
fixed in 5.0.1
Not Applicable
CVE-2026-48988NONE0
markdown-it
14.1.0
fixed in 14.2.0
0.3%
Theoretical Threat
Not Applicable
GHSA-p6gq-j5cr-w38fNONE0
nodemailer
6.9.15
fixed in 9.0.1
Not Applicable
GHSA-268h-hp4c-crq3NONE0
nodemailer
6.9.15
fixed in 8.0.9
Not Applicable
GHSA-r7g4-qg5f-qqm2NONE0
nodemailer
6.9.15
fixed in 8.0.8
Not Applicable
GHSA-vvjj-xcjg-gr5gNONE0
nodemailer
6.9.15
fixed in 8.0.5
Not Applicable
GHSA-wqvq-jvpq-h66fNONE0
nodemailer
6.9.15
fixed in 8.0.9
Not Applicable
GHSA-c7w3-x93f-qmm8NONE0
nodemailer
6.9.15
fixed in 8.0.4
Not Applicable
CVE-2025-47934NONE0
openpgp
5.10.1
fixed in 5.11.3, 6.1.1
0.6%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.