This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2026-4800 to execute arbitrary code via crafted template imports, or cause denial of service through vulnerabilities in expat, libgcrypt, and OpenSSL. The image contains 229 known vulnerabilities, with 27 rated medium-high severity. While it is an official Docker image, the volume and severity of issues necessitate remediation before production use.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-4800 | CRITICAL9.8 | lodash 4.17.23 fixed in 4.18.0 | 1.0% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-45186 | MEDIUM6.38 | expat 2.5.0-6.el9 fixed in 2.5.0-6.el9_8.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41989 | MEDIUM6.38 | libgcrypt 1.10.0-11.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6732 | MEDIUM6.38 | libxml2 2.9.13-14.el9_7 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-3.el9_8 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-3644 | MEDIUM6.38 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4224 | MEDIUM6.38 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-7210 | MEDIUM6.38 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-44486 | MEDIUM6.38 | axios 1.15.2 fixed in 1.16.0, 0.32.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44487 | MEDIUM6.38 | axios 1.15.2 fixed in 1.16.0, 0.32.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44488 | MEDIUM6.38 | axios 1.15.2 fixed in 1.16.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44496 | MEDIUM6.38 | axios 1.15.2 fixed in 1.16.0, 0.32.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45149 | MEDIUM6.38 | brace-expansion 5.0.5 fixed in 5.0.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6321 | MEDIUM6.38 | fast-uri 3.0.3 fixed in 3.1.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-6322 | MEDIUM6.38 | fast-uri 3.0.3 fixed in 3.1.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45740 | MEDIUM6.38 | protobufjs 7.5.5 fixed in 7.5.8, 8.2.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6734 | MEDIUM6.38 | undici 7.24.4 fixed in 7.28.0, 8.2.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 10.0.0 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 11.1.0 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 13.0.0 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 8.3.2 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM6.38 | uuid 9.0.1 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45736 | MEDIUM6.38 | ws 8.19.0 fixed in 8.20.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-9697 | MEDIUM6.29 | undici 7.24.4 fixed in 7.28.0, 8.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-27113 | MEDIUM6 | libxml2 2.9.13-14.el9_7 No fix yet | 1.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-44604 | MEDIUM5.95 | rpm-libs 4.16.1.3-40.el9 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-13151 | MEDIUM5.9 | libtasn1 4.16.0-9.el9 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-41996 | MEDIUM5.9 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-56403 | MEDIUM5.87 | expat 2.5.0-6.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-44492 | MEDIUM5.85 | axios 1.15.2 fixed in 1.16.0, 0.32.0 | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-22185 | MEDIUM5.78 | openldap 2.6.8-4.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4105 | MEDIUM5.7 | systemd-libs 252-67.el9_8.2 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-5915 | MEDIUM5.61 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-5918 | MEDIUM5.61 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc-common 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-6238 | MEDIUM5.52 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-4426 | MEDIUM5.52 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9149 | MEDIUM5.52 | libsolv 0.7.24-4.el9 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9150 | MEDIUM5.52 | libsolv 0.7.24-4.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-45322 | MEDIUM5.52 | libxml2 2.9.13-14.el9_7 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nspr 4.36.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nss 3.112.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nss-softokn 3.112.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nss-softokn-freebl 3.112.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nss-sysinit 3.112.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-7531 | MEDIUM5.52 | nss-util 3.112.0-8.el9_4 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-fips-provider 3.0.7-8.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-fips-provider-so 3.0.7-8.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-8769 | MEDIUM5.52 | @ai-sdk/provider-utils 3.0.17 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-47673 | MEDIUM5.52 | hono 4.12.14 fixed in 4.12.21 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41311 | MEDIUM5.52 | liquidjs 10.25.6 fixed in 10.25.7 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33532 | MEDIUM5.52 | yaml 1.10.2 fixed in 2.8.3, 1.10.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33532 | MEDIUM5.52 | yaml 2.3.4 fixed in 2.8.3, 1.10.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-34459 | MEDIUM5.5 | libxml2 2.9.13-14.el9_7 No fix yet | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-1757 | MEDIUM5.27 | libxml2 2.9.13-14.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-64506 | MEDIUM5.18 | libpng 2:1.6.37-15.el9_8 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6019 | MEDIUM5.18 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44665 | MEDIUM5.18 | fast-xml-builder 1.1.5 fixed in 1.1.7 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44664 | MEDIUM5.18 | fast-xml-builder 1.1.5 fixed in 1.1.6 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-44455 | MEDIUM5.18 | hono 4.12.14 fixed in 4.12.16 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-42338 | MEDIUM5.18 | ip-address 10.1.0 fixed in 10.1.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42338 | MEDIUM5.18 | ip-address 9.0.5 fixed in 10.1.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5713 | MEDIUM5.1 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM5.02 | expat 2.5.0-6.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | glibc 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | glibc-common 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5435 | MEDIUM5.02 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-0990 | MEDIUM5.02 | libxml2 2.9.13-14.el9_7 No fix yet | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nspr 4.36.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nss 3.112.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nss-softokn 3.112.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nss-softokn-freebl 3.112.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nss-sysinit 3.112.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-12413 | MEDIUM5.02 | nss-util 3.112.0-8.el9_4 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | openssl-fips-provider 3.0.7-8.el9 fixed in 3.0.7-11.el9_8 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | openssl-fips-provider-so 3.0.7-8.el9 fixed in 3.0.7-11.el9_8 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9679 | MEDIUM5.02 | undici 6.24.1 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9678 | MEDIUM5.02 | undici 7.24.4 fixed in 7.28.0, 8.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9679 | MEDIUM5.02 | undici 7.24.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM5 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-5916 | MEDIUM4.76 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32776 | MEDIUM4.67 | expat 2.5.0-6.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-32777 | MEDIUM4.67 | expat 2.5.0-6.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32778 | MEDIUM4.67 | expat 2.5.0-6.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-66382 | MEDIUM4.67 | expat 2.5.0-6.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-60753 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5745 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-1632 | MEDIUM4.67 | libarchive 3.5.3-9.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2021-46195 | MEDIUM4.67 | libgcc 11.5.0-14.el9 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libgcc 11.5.0-14.el9 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2021-46195 | MEDIUM4.67 | libstdc++ 11.5.0-14.el9 No fix yet | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-27943 | MEDIUM4.67 | libstdc++ 11.5.0-14.el9 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-13837 | MEDIUM4.67 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42308 | MEDIUM4.67 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-0232 | MEDIUM4.67 | sqlite-libs 3.34.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.2.11-40.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-1489 | MEDIUM4.59 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41650 | MEDIUM4.59 | fast-xml-parser 5.5.7 fixed in 5.7.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-53382 | MEDIUM4.59 | prismjs 1.27.0 fixed in 1.30.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | freetype 2.10.4-10.el9_5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22693 | MEDIUM4.5 | harfbuzz 2.7.4-10.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-30571 | MEDIUM4.5 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-12781 | MEDIUM4.5 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-3276 | MEDIUM4.5 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | xz-libs 5.2.5-8.el9_0 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44288 | MEDIUM4.5 | @protobufjs/utf8 1.1.0 fixed in 1.1.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44489 | MEDIUM4.5 | axios 1.15.2 fixed in 1.16.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-2739 | MEDIUM4.5 | bn.js 4.11.9 fixed in 4.12.3, 5.2.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-47675 | MEDIUM4.5 | hono 4.12.14 fixed in 4.12.21 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-2950 | MEDIUM4.5 | lodash 4.17.23 fixed in 4.18.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44288 | MEDIUM4.5 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-4516 | MEDIUM4.33 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42250 | MEDIUM4.25 | bzip2-libs 1.0.8-11.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc-common 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc-common 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5450 | MEDIUM4.25 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-5928 | MEDIUM4.25 | glibc-minimal-langpack 2.34-270.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-11850 | MEDIUM4.25 | krb5-libs 1.21.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-5917 | MEDIUM4.25 | libarchive 3.5.3-9.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-28164 | MEDIUM4.25 | libpng 2:1.6.37-15.el9_8 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-56405 | MEDIUM4.17 | expat 2.5.0-6.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-15282 | MEDIUM4.08 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-0672 | MEDIUM4.08 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libblkid 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libsmartcols 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libuuid 2.37.4-25.el9 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM4 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | LOW3.83 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-5773 | LOW3.82 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW3.82 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW3.82 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7210 | LOW3.82 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-7210 | LOW3.82 | python3 3.9.25-7.el9_8 No fix yet | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2025-11468 | LOW3.82 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-1502 | LOW3.82 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-64505 | LOW3.74 | libpng 2:1.6.37-15.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34757 | LOW3.74 | libpng 2:1.6.37-15.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-4156 | LOW3.62 | gawk 5.1.0-6.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-44604 | LOW3.57 | rpm 4.16.1.3-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-1484 | LOW3.57 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44494 | LOW3.55 | axios 1.15.2 fixed in 1.16.0 | 0.5% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2024-11053 | LOW3.54 | curl-minimal 7.76.1-40.el9 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2024-11053 | LOW3.54 | libcurl-minimal 7.76.1-40.el9 No fix yet | 1.4% Low-Moderate Risk | Post-Exploit |
| CVE-2025-13034 | LOW3.47 | curl-minimal 7.76.1-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW3.47 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-13034 | LOW3.47 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW3.47 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2021-3572 | LOW3.42 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-44490 | LOW3.34 | axios 1.15.2 fixed in 1.16.0, 0.32.0 | 0.3% Theoretical Threat | Post-ExploitContext importance: MEDIUM |
| CVE-2026-3784 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | curl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3784 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | curl-minimal 7.76.1-40.el9 No fix yet | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-5958 | LOW3.21 | sed 4.8-10.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-41080 | LOW3.15 | expat 2.5.0-6.el9 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-3360 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-7039 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0988 | LOW3.15 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0989 | LOW3.15 | libxml2 2.9.13-14.el9_7 No fix yet | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-11525 | LOW3.15 | undici 6.24.1 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6733 | LOW3.15 | undici 6.24.1 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-11525 | LOW3.15 | undici 7.24.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6733 | LOW3.15 | undici 7.24.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6019 | LOW3.11 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-6019 | LOW3.11 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-50181 | LOW3.11 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-50182 | LOW3.11 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-9232 | LOW3.1 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-5713 | LOW3.06 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-5713 | LOW3.06 | python3 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-32284 | LOW3.01 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-26280 | LOW2.81 | systeminformation 5.30.3 fixed in 5.30.8 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-24883 | LOW2.8 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-13837 | LOW2.8 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42308 | LOW2.8 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-13837 | LOW2.8 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42308 | LOW2.8 | python3 3.9.25-7.el9_8 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-25645 | LOW2.8 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-41990 | LOW2.8 | libgcrypt 1.10.0-11.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-13462 | LOW2.8 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-2297 | LOW2.8 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-3479 | LOW2.8 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-70873 | LOW2.8 | sqlite-libs 3.34.1-10.el9_8 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45445 | LOW2.78 | openssl-libs 1:3.5.5-2.el9_8 fixed in 1:3.5.5-4.el9_8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-12781 | LOW2.7 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-3276 | LOW2.7 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-12781 | LOW2.7 | python3 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-3276 | LOW2.7 | python3 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-44293 | LOW2.69 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-26318 | LOW2.69 | systeminformation 5.30.3 fixed in 5.31.0 | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | curl-minimal 7.76.1-40.el9 No fix yet | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2024-7264 | LOW2.69 | libcurl-minimal 7.76.1-40.el9 No fix yet | 16.2% High Exploitation Risk | Post-Exploit |
| CVE-2025-1795 | LOW2.63 | python3-libs 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-4516 | LOW2.6 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-4516 | LOW2.6 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-15079 | LOW2.48 | curl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-15079 | LOW2.48 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-0992 | LOW2.46 | libxml2 2.9.13-14.el9_7 No fix yet | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-14017 | LOW2.45 | curl-minimal 7.76.1-40.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-14017 | LOW2.45 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-15282 | LOW2.45 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-0672 | LOW2.45 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-15282 | LOW2.45 | python3 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-0672 | LOW2.45 | python3 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-15224 | LOW2.4 | curl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-68972 | LOW2.4 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-30258 | LOW2.4 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-15224 | LOW2.4 | libcurl-minimal 7.76.1-40.el9 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-48864 | LOW2.39 | libsolv 0.7.24-4.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-44724 | LOW2.39 | systeminformation 5.30.3 fixed in 5.31.6 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-1485 | LOW2.38 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-9681 | LOW2.34 | curl-minimal 7.76.1-40.el9 No fix yet | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2024-9681 | LOW2.34 | libcurl-minimal 7.76.1-40.el9 No fix yet | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2023-32636 | LOW2.29 | glib2 2.68.4-19.el9_8.1 No fix yet | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-28389 | LOW2.29 | openssl-libs 1:3.5.5-2.el9_8 No fix yet | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2022-41409 | LOW2.29 | pcre2 10.40-6.el9 No fix yet | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2022-41409 | LOW2.29 | pcre2-syntax 10.40-6.el9 No fix yet | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2026-3644 | LOW2.29 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-4224 | LOW2.29 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3644 | LOW2.29 | python3 3.9.25-7.el9_8 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-4224 | LOW2.29 | python3 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-12151 | LOW2.29 | undici 6.24.1 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-12151 | LOW2.29 | undici 7.24.4 fixed in 6.27.0, 7.28.0, 8.5.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-11468 | LOW2.29 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-1502 | LOW2.29 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-11468 | LOW2.29 | python3 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-1502 | LOW2.29 | python3 3.9.25-7.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-5278 | LOW2.24 | coreutils-single 8.32-40.el9 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2023-45803 | LOW2.14 | python3-pip-wheel 21.3.1-2.el9_8 No fix yet | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-24515 | LOW2.12 | expat 2.5.0-6.el9 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-6170 | LOW2.12 | libxml2 2.9.13-14.el9_7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2022-3219 | LOW1.68 | gnupg2 2.3.3-5.el9_7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-13462 | LOW1.68 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-2297 | LOW1.68 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-3479 | LOW1.68 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-13462 | LOW1.68 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-2297 | LOW1.68 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-3479 | LOW1.68 | python3 3.9.25-7.el9_8 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-1795 | LOW1.58 | python-unversioned-command 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-1795 | LOW1.58 | python3 3.9.25-7.el9_8 No fix yet | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2023-50495 | NONE0 | ncurses-base 6.2-12.20210508.el9 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2023-50495 | NONE0 | ncurses-libs 6.2-12.20210508.el9 No fix yet | 1.0% Theoretical Threat | Not Applicable |
| CVE-2026-22020 | NONE0 | libpng 2:1.6.37-15.el9_8 No fix yet | — | Not Applicable |
| CVE-2026-48068 | NONE0 | @grpc/grpc-js 1.14.3 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 | — | Not Applicable |
| CVE-2026-48069 | NONE0 | @grpc/grpc-js 1.14.3 fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 | — | Not Applicable |
| CVE-2026-44974 | NONE0 | @hapi/content 6.0.1 fixed in 6.0.2 | — | Not Applicable |
| CVE-2026-48049 | NONE0 | @hapi/inert 7.1.0 fixed in 7.1.1 | — | Not Applicable |
| CVE-2026-44979 | NONE0 | @hapi/wreck 18.1.0 fixed in 18.1.1 | — | Not Applicable |
| CVE-2026-48022 | NONE0 | @hapi/wreck 18.1.0 fixed in 18.1.2 | — | Not Applicable |
| CVE-2026-54285 | NONE0 | @opentelemetry/core 1.30.1 fixed in 2.8.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-54285 | NONE0 | @opentelemetry/core 2.6.1 fixed in 2.8.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-44902 | NONE0 | @opentelemetry/exporter-prometheus 0.214.0 fixed in 0.217.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-44902 | NONE0 | @opentelemetry/sdk-node 0.214.0 fixed in 0.217.0 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-49458 | NONE0 | dompurify 3.4.1 fixed in 3.4.6 | — | Not Applicable |
| CVE-2026-49459 | NONE0 | dompurify 3.4.1 fixed in 3.4.6 | — | Not Applicable |
| CVE-2026-49978 | NONE0 | dompurify 3.4.1 fixed in 3.4.7 | — | Not Applicable |
| GHSA-76mc-f452-cxcm | NONE0 | dompurify 3.4.1 fixed in 3.4.7 | — | Not Applicable |
| GHSA-cmwh-pvxp-8882 | NONE0 | dompurify 3.4.1 fixed in 3.4.11 | — | Not Applicable |
| GHSA-gvmj-g25r-r7wr | NONE0 | dompurify 3.4.1 fixed in 3.4.8 | — | Not Applicable |
| GHSA-vxr8-fq34-vvx9 | NONE0 | dompurify 3.4.1 fixed in 3.4.9 | — | Not Applicable |
| GHSA-x4vx-rjvf-j5p4 | NONE0 | dompurify 3.4.1 No fix yet | — | Not Applicable |
| CVE-2026-12143 | NONE0 | form-data 4.0.5 fixed in 2.5.6, 3.0.5, 4.0.6 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-54290 | NONE0 | hono 4.12.14 fixed in 4.12.25 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-44456 | NONE0 | hono 4.12.14 fixed in 4.12.16 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-44457 | NONE0 | hono 4.12.14 fixed in 4.12.18 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-44458 | NONE0 | hono 4.12.14 fixed in 4.12.18 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-47674 | NONE0 | hono 4.12.14 fixed in 4.12.21 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-47676 | NONE0 | hono 4.12.14 fixed in 4.12.21 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-54286 | NONE0 | hono 4.12.14 fixed in 4.12.25 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-54287 | NONE0 | hono 4.12.14 fixed in 4.12.25 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-54288 | NONE0 | hono 4.12.14 fixed in 4.12.25 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-54289 | NONE0 | hono 4.12.14 fixed in 4.12.25 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-44459 | NONE0 | hono 4.12.14 fixed in 4.12.18 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-48038 | NONE0 | joi 18.0.2 fixed in 18.2.1, 17.13.4 | — | Not Applicable |
| CVE-2026-46625 | NONE0 | js-cookie 2.2.1 fixed in 3.0.7 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-53550 | NONE0 | js-yaml 4.1.1 fixed in 4.2.0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-45134 | NONE0 | langsmith 0.5.25 fixed in 0.6.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-45618 | NONE0 | liquidjs 10.25.6 fixed in 10.26.0 | — | Not Applicable |
| CVE-2026-45357 | NONE0 | liquidjs 10.25.6 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-45617 | NONE0 | liquidjs 10.25.6 fixed in 10.26.0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-44644 | NONE0 | liquidjs 10.25.6 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-44645 | NONE0 | liquidjs 10.25.6 No fix yet | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-44646 | NONE0 | liquidjs 10.25.6 No fix yet | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-48988 | NONE0 | markdown-it 14.1.1 fixed in 14.2.0 | 0.3% Theoretical Threat | Not Applicable |
| GHSA-p6gq-j5cr-w38f | NONE0 | nodemailer 7.0.11 fixed in 9.0.1 | — | Not Applicable |
| GHSA-268h-hp4c-crq3 | NONE0 | nodemailer 7.0.11 fixed in 8.0.9 | — | Not Applicable |
| GHSA-r7g4-qg5f-qqm2 | NONE0 | nodemailer 7.0.11 fixed in 8.0.8 | — | Not Applicable |
| GHSA-vvjj-xcjg-gr5g | NONE0 | nodemailer 7.0.11 fixed in 8.0.5 | — | Not Applicable |
| GHSA-wqvq-jvpq-h66f | NONE0 | nodemailer 7.0.11 fixed in 8.0.9 | — | Not Applicable |
| GHSA-c7w3-x93f-qmm8 | NONE0 | nodemailer 7.0.11 fixed in 8.0.4 | — | Not Applicable |
| CVE-2026-55388 | NONE0 | piscina 3.2.0 fixed in 5.2.0, 4.9.3, 6.0.0-rc.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-44289 | NONE0 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-44290 | NONE0 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-44291 | NONE0 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-48712 | NONE0 | protobufjs 7.5.5 fixed in 7.6.1, 8.4.1 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-44292 | NONE0 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-44294 | NONE0 | protobufjs 7.5.5 fixed in 7.5.6, 8.0.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-54269 | NONE0 | protobufjs 7.5.5 fixed in 7.6.3, 8.6.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-8723 | NONE0 | qs 6.15.0 fixed in 6.15.2 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-53655 | NONE0 | tar 7.5.11 fixed in 7.5.16 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-48779 | NONE0 | ws 8.19.0 fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0 | 0.5% Theoretical Threat | Not Applicable |