Vulnerability Reportkibana:8.18.0

kibana:8.18.0
DIGESTsha256:04c0fc150f3a932719c0cec11de303b210baa2f63a42a8c7b4dd07f5521167e2

Executive Summary

Last scanned:

Threat Score
95/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via vulnerabilities in expr-eval (CVE-2025-12735) or Handlebars (CVE-2026-33937), or bypass proxy rules to access internal services via an SSRF flaw in axios (CVE-2025-62718). While some exploits require non-default configurations (e.g., attacker-controlled AST input for Handlebars), the majority of the top findings are exploitable under typical usage. The official Docker status does not compensate for the severe vulnerability load, and deployment should be blocked until all critical CVEs are addressed.

Vulnerabilities

Vulnerability Log

174 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-62718HIGH7.92
axios
1.8.3
fixed in 1.15.0, 0.31.0
1.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-12735HIGH7.84
expr-eval
2.0.2
No fix yet
2.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33937HIGH7.84
handlebars
4.7.8
fixed in 4.7.9
1.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-4800HIGH7.84
lodash
4.17.21
fixed in 4.18.0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-44293HIGH7.48
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-12816HIGH7.39
node-forge
1.3.1
fixed in 1.3.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44490MEDIUM6.97
axios
1.8.3
fixed in 1.16.0, 0.32.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33941MEDIUM6.97
handlebars
4.7.8
fixed in 4.7.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44705MEDIUM6.97
tmp
0.0.33
fixed in 0.2.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44494MEDIUM6.96
axios
1.8.3
fixed in 1.16.0
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33938MEDIUM6.88
handlebars
4.7.8
fixed in 4.7.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-33940MEDIUM6.88
handlebars
4.7.8
fixed in 4.7.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44291MEDIUM6.88
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42043MEDIUM6.8
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-1525MEDIUM6.66
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-35213MEDIUM6.38
@hapi/content
6.0.0
fixed in 6.0.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44902MEDIUM6.38
@opentelemetry/exporter-prometheus
0.31.0
fixed in 0.217.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-69873MEDIUM6.38
ajv
8.17.1
fixed in 8.18.0, 6.14.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44486MEDIUM6.38
axios
1.8.3
fixed in 1.16.0, 0.32.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44487MEDIUM6.38
axios
1.8.3
fixed in 1.16.0, 0.32.0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44488MEDIUM6.38
axios
1.8.3
fixed in 1.16.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44496MEDIUM6.38
axios
1.8.3
fixed in 1.16.0, 0.32.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42038MEDIUM6.38
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42039MEDIUM6.38
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM6.38
brace-expansion
1.1.11
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM6.38
brace-expansion
2.0.1
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6321MEDIUM6.38
fast-uri
3.0.3
fixed in 3.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-6322MEDIUM6.38
fast-uri
3.0.3
fixed in 3.1.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26278MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 4.5.4, 5.3.6
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33036MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.5.6, 4.5.5
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27942MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.3.8, 4.5.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-12143MEDIUM6.38
form-data
4.0.0
fixed in 2.5.6, 3.0.5, 4.0.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33939MEDIUM6.38
handlebars
4.7.8
fixed in 4.7.9
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-46625MEDIUM6.38
js-cookie
2.2.1
fixed in 3.0.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-65945MEDIUM6.38
jws
3.2.2
fixed in 3.2.3, 4.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-65945MEDIUM6.38
jws
4.0.0
fixed in 3.2.3, 4.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2327MEDIUM6.38
markdown-it
14.1.0
fixed in 14.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
3.1.2
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
5.1.6
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
9.0.5
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-66031MEDIUM6.38
node-forge
1.3.1
fixed in 1.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33891MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33894MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33895MEDIUM6.38
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-14874MEDIUM6.38
nodemailer
6.9.15
fixed in 7.0.11
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-13033MEDIUM6.38
nodemailer
6.9.15
fixed in 7.0.7
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44289MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44290MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-48712MEDIUM6.38
protobufjs
7.2.5
fixed in 7.6.1, 8.4.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44292MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-45740MEDIUM6.38
protobufjs
7.2.5
fixed in 7.5.8, 8.2.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-59343MEDIUM6.38
tar-fs
3.0.8
fixed in 3.1.1, 2.1.4, 1.16.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-12151MEDIUM6.38
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-1528MEDIUM6.38
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-2229MEDIUM6.38
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-22036MEDIUM6.38
undici
6.19.2
fixed in 7.18.2, 6.23.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
10.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
8.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
9.0.1
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-48779MEDIUM6.38
ws
8.18.0
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45736MEDIUM6.38
ws
8.18.0
fixed in 8.20.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27795MEDIUM6.29
@langchain/community
0.3.29
fixed in 1.1.18
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42033MEDIUM6.29
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42035MEDIUM6.29
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-13204MEDIUM6.21
expr-eval
2.0.2
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-48387MEDIUM6.21
tar-fs
3.0.8
fixed in 1.16.5, 2.1.3, 3.0.9
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42264MEDIUM6.18
axios
1.8.3
fixed in 1.15.2
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42044MEDIUM6.18
axios
1.8.3
fixed in 1.15.2
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33896MEDIUM6.18
node-forge
1.3.1
fixed in 1.4.0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-25896MEDIUM6.03
fast-xml-parser
4.4.1
fixed in 5.3.5, 4.5.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25639MEDIUM6
axios
1.8.3
fixed in 1.13.5, 0.30.3
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-1526MEDIUM6
undici
6.19.2
fixed in 6.24.0, 7.24.0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-4802MEDIUM5.95
libc-bin
2.31-0ubuntu9.17
fixed in 2.31-0ubuntu9.18
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-4802MEDIUM5.95
libc6
2.31-0ubuntu9.17
fixed in 2.31-0ubuntu9.18
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44495MEDIUM5.95
axios
1.8.3
fixed in 1.15.2, 0.31.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22150MEDIUM5.78
undici
6.19.2
fixed in 5.28.5, 6.21.1, 7.2.3
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-8769MEDIUM5.52
@ai-sdk/provider-utils
2.0.4
No fix yet
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42041MEDIUM5.52
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
5.1.6
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
9.0.5
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33671MEDIUM5.52
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-1527MEDIUM5.52
undici
6.19.2
fixed in 6.24.0, 7.24.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
1.10.2
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
2.3.4
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
2.5.1
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-7783MEDIUM5.4
form-data
4.0.0
fixed in 2.5.4, 3.0.4, 4.0.4
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-58754MEDIUM5.3
axios
1.8.3
fixed in 1.12.0, 0.30.2
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-48038MEDIUM5.3
joi
17.13.3
fixed in 18.2.1, 17.13.4
Directly Exposed
CVE-2025-13465MEDIUM5.3
lodash
4.17.21
fixed in 4.17.23
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2026-42042MEDIUM5.18
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42338MEDIUM5.18
ip-address
9.0.5
fixed in 10.1.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libgssapi-krb5-2
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libk5crypto3
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libkrb5-3
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-3576MEDIUM5.02
libkrb5support0
1.17-6ubuntu4.9
fixed in 1.17-6ubuntu4.11
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41324MEDIUM5.02
basic-ftp
5.0.3
fixed in 5.3.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33349MEDIUM5.02
fast-xml-parser
4.4.1
fixed in 4.5.5, 5.5.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
5.1.6
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
9.0.5
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-9679MEDIUM5.02
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-40175MEDIUM4.8
axios
1.8.3
fixed in 1.15.0, 0.31.0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2025-29088MEDIUM4.67
libsqlite3-0
3.31.1-4ubuntu0.6
fixed in 3.31.1-4ubuntu0.7
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41650MEDIUM4.59
fast-xml-parser
4.4.1
fixed in 5.7.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-53382MEDIUM4.59
prismjs
1.27.0
fixed in 1.30.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.15.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.24.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.5.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54285MEDIUM4.5
@opentelemetry/core
1.8.0
fixed in 2.8.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-44288MEDIUM4.5
@protobufjs/utf8
1.1.0
fixed in 1.1.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-48985MEDIUM4.5
ai
4.0.18
fixed in 5.0.52, 5.1.0-beta.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42034MEDIUM4.5
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42036MEDIUM4.5
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42037MEDIUM4.5
axios
1.8.3
fixed in 1.15.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2739MEDIUM4.5
bn.js
4.11.9
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-64718MEDIUM4.5
js-yaml
3.14.1
fixed in 4.1.1, 3.14.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
3.14.1
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-64718MEDIUM4.5
js-yaml
4.1.0
fixed in 4.1.1, 3.14.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-53550MEDIUM4.5
js-yaml
4.1.0
fixed in 4.2.0, 3.15.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-2950MEDIUM4.5
lodash
4.17.21
fixed in 4.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-66030MEDIUM4.5
node-forge
1.3.1
fixed in 1.3.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33672MEDIUM4.5
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44288MEDIUM4.5
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44294MEDIUM4.5
protobufjs
7.2.5
fixed in 7.5.6, 8.0.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-54269MEDIUM4.5
protobufjs
7.2.5
fixed in 7.6.3, 8.6.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-54798MEDIUM4.5
tmp
0.0.33
fixed in 0.2.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33916MEDIUM4
handlebars
4.7.8
fixed in 4.7.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-26960LOW3.62
tar
7.4.3
fixed in 7.5.8
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-26019LOW3.48
@langchain/community
0.3.29
fixed in 1.1.14
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-3449LOW3.4
@tootallnate/once
2.0.0
fixed in 3.0.1, 2.0.1
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-24842LOW3.34
tar
7.4.3
fixed in 7.5.7
0.5%
Theoretical Threat
Post-ExploitContext importance: MEDIUM
CVE-2026-29786LOW3.21
tar
7.4.3
fixed in 7.5.10
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42040LOW3.15
axios
1.8.3
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-11525LOW3.15
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6733LOW3.15
undici
6.19.2
fixed in 6.27.0, 7.28.0, 8.5.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-23745LOW3.11
tar
7.4.3
fixed in 7.5.3
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-27699LOW3
basic-ftp
5.0.3
fixed in 5.2.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-40190LOW3
langsmith
0.3.7
fixed in 0.5.18
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-41242LOW3
protobufjs
7.2.5
fixed in 8.0.1, 7.5.5
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-31802LOW2.8
tar
7.4.3
fixed in 7.5.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-53655LOW2.8
tar
7.4.3
fixed in 7.5.16
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-68665LOW2.78
@langchain/core
0.3.40
fixed in 1.1.8, 0.3.80
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-68665LOW2.78
langchain
0.3.15
fixed in 1.2.3, 0.3.37
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-48068LOW2.7
@grpc/grpc-js
1.8.22
fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4
Post-Exploit
CVE-2026-48069LOW2.7
@grpc/grpc-js
1.8.22
fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4
Post-Exploit
CVE-2025-64756LOW2.7
glob
10.4.5
fixed in 11.1.0, 10.5.0
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-5889LOW2.63
brace-expansion
1.1.11
fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-5889LOW2.63
brace-expansion
2.0.1
fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-47279LOW2.63
undici
6.19.2
fixed in 5.29.0, 6.21.2, 7.5.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-23950LOW1.81
tar
7.4.3
fixed in 7.5.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-27789NONE0
@babel/runtime
7.25.0
fixed in 7.26.10, 8.0.0-alpha.17
0.5%
Theoretical Threat
Not Applicable
CVE-2026-44974NONE0
@hapi/content
6.0.0
fixed in 6.0.2
Not Applicable
CVE-2026-48049NONE0
@hapi/inert
7.1.0
fixed in 7.1.1
Not Applicable
CVE-2026-44979NONE0
@hapi/wreck
18.1.0
fixed in 18.1.1
Not Applicable
CVE-2026-48022NONE0
@hapi/wreck
18.1.0
fixed in 18.1.2
Not Applicable
GHSA-6475-r3vj-m8vfNONE0
@smithy/config-resolver
4.0.1
fixed in 4.4.0
Not Applicable
CVE-2026-44240NONE0
basic-ftp
5.0.3
fixed in 5.3.1
0.5%
Theoretical Threat
Not Applicable
GHSA-6v7q-wjvx-w8wgNONE0
basic-ftp
5.0.3
fixed in 5.2.2
Not Applicable
GHSA-r4q5-vmmm-2653NONE0
follow-redirects
1.15.6
fixed in 1.16.0
Not Applicable
GHSA-7rx3-28cr-v5whNONE0
handlebars
4.7.8
fixed in 4.7.9
Not Applicable
GHSA-442j-39wm-28r2NONE0
handlebars
4.7.8
fixed in 4.7.9
Not Applicable
CVE-2025-9910NONE0
jsondiffpatch
0.6.0
fixed in 0.7.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-45134NONE0
langsmith
0.3.7
fixed in 0.6.0
0.2%
Theoretical Threat
Not Applicable
CVE-2026-41182NONE0
langsmith
0.3.7
fixed in 0.5.19
0.2%
Theoretical Threat
Not Applicable
CVE-2026-48801NONE0
linkify-it
5.0.0
fixed in 5.0.1
Not Applicable
CVE-2026-48988NONE0
markdown-it
14.1.0
fixed in 14.2.0
0.3%
Theoretical Threat
Not Applicable
GHSA-p6gq-j5cr-w38fNONE0
nodemailer
6.9.15
fixed in 9.0.1
Not Applicable
GHSA-268h-hp4c-crq3NONE0
nodemailer
6.9.15
fixed in 8.0.9
Not Applicable
GHSA-r7g4-qg5f-qqm2NONE0
nodemailer
6.9.15
fixed in 8.0.8
Not Applicable
GHSA-vvjj-xcjg-gr5gNONE0
nodemailer
6.9.15
fixed in 8.0.5
Not Applicable
GHSA-wqvq-jvpq-h66fNONE0
nodemailer
6.9.15
fixed in 8.0.9
Not Applicable
GHSA-c7w3-x93f-qmm8NONE0
nodemailer
6.9.15
fixed in 8.0.4
Not Applicable
CVE-2025-47934NONE0
openpgp
5.10.1
fixed in 5.11.3, 6.1.1
0.6%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.