Vulnerability Reportkubernetesui/dashboard:v2.3.0

kubernetesui/dashboard:v2.3.0

DIGESTsha256:244a428d2090c3e477f95994a4231e031c58c550dd2cdfbb14daf223bfe82df1

Executive Summary

Threat ScoreDANGEROUS• 47 critical/high severity vulnerabilities (CVSS >= 7.0) expose the container to remote code execution, authorization bypass, and denial of service.• CVE-2023-24538 (CVSS 9.8) allows arbitrary JavaScript execution in the web UI via template injection.• CVE-2023-45288 (CVSS 9.75) enables denial of service via excessive HTTP/2 CONTINUATION frames.• CVE-2022-1996 (CVSS 9.1) permits authorization bypass in the REST API.• Container binds to 0.0.0.0 with no authentication (--insecure-bind-address), increasing exposure.• Outdated Go stdlib (1.15.1) contains multiple high-severity flaws including CVE-2022-23806 (signature forgery).

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1172M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could execute arbitrary JavaScript in the dashboard UI, bypass API authorization, or cause denial of service via HTTP/2. Disabling HTTP/2 support can fully mitigate CVE-2023-45288, but other high-severity vulnerabilities (e.g., CVE-2023-24538, CVE-2022-1996) remain exploitable and require updating the Go version and dependencies.

Vulnerabilities

Vulnerability Log

178 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-24538	CRITICAL9.8	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	2.3% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2023-24540	CRITICAL9.8	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-24790	CRITICAL9.8	stdlib v1.15.1 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2023-45288	CRITICAL9.75	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.23.0	92.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2023-45288	CRITICAL9.75	stdlib v1.15.1 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2022-1996	CRITICAL9.1	github.com/emicklei/go-restful/v3 v3.3.3 fixed in 3.8.0	2.7% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2022-23806	CRITICAL9.1	stdlib v1.15.1 fixed in 1.16.14, 1.17.7	3.0% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2022-21698	HIGH7.5	github.com/prometheus/client_golang v1.10.0 fixed in 1.11.1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2022-27191	HIGH7.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20220314234659-1baeb1ce4c0b	3.9% Low-Moderate Risk	Directly Exposed
CVE-2022-27664	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20220906165146-f3363e06e74c	2.5% Low-Moderate Risk	Directly Exposed
CVE-2022-41723	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.7.0	4.6% Low-Moderate Risk	Directly Exposed
CVE-2023-39325	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.17.0	3.8% Low-Moderate Risk	Directly Exposed
CVE-2022-32149	HIGH7.5	golang.org/x/text v0.3.6 fixed in 0.3.8	1.4% Low-Moderate Risk	Directly Exposed
CVE-2021-44716	HIGH7.5	stdlib v1.15.1 fixed in 1.16.12, 1.17.5	4.0% Low-Moderate Risk	Directly Exposed
CVE-2022-23772	HIGH7.5	stdlib v1.15.1 fixed in 1.16.14, 1.17.7	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-24675	HIGH7.5	stdlib v1.15.1 fixed in 1.17.9, 1.18.1	5.3% Low-Moderate Risk	Directly Exposed
CVE-2022-24921	HIGH7.5	stdlib v1.15.1 fixed in 1.16.15, 1.17.8	3.2% Low-Moderate Risk	Directly Exposed
CVE-2022-27664	HIGH7.5	stdlib v1.15.1 fixed in 1.18.6, 1.19.1	2.5% Low-Moderate Risk	Directly Exposed
CVE-2022-28131	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-28327	HIGH7.5	stdlib v1.15.1 fixed in 1.17.9, 1.18.1	3.9% Low-Moderate Risk	Directly Exposed
CVE-2022-2879	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-2880	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-29804	HIGH7.5	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-30630	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30631	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30632	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30633	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30634	HIGH7.5	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30635	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.4% Low-Moderate Risk	Directly Exposed
CVE-2022-32189	HIGH7.5	stdlib v1.15.1 fixed in 1.17.13, 1.18.5	2.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41715	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.3% Low-Moderate Risk	Directly Exposed
CVE-2022-41720	HIGH7.5	stdlib v1.15.1 fixed in 1.18.9, 1.19.4	1.2% Low-Moderate Risk	Directly Exposed
CVE-2022-41722	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2022-41723	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	4.6% Low-Moderate Risk	Directly Exposed
CVE-2022-41724	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-41725	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-24534	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.9% Low-Moderate Risk	Directly Exposed
CVE-2023-24536	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.5% Low-Moderate Risk	Directly Exposed
CVE-2023-24537	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.4% Low-Moderate Risk	Directly Exposed
CVE-2023-39325	HIGH7.5	stdlib v1.15.1 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Directly Exposed
CVE-2023-45283	HIGH7.5	stdlib v1.15.1 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Directly Exposed
CVE-2023-45287	HIGH7.5	stdlib v1.15.1 fixed in 1.20.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-34156	HIGH7.5	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-39828	HIGH7.48	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Directly Exposed
CVE-2021-33195	HIGH7.3	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.2% Low-Moderate Risk	Directly Exposed
CVE-2023-24539	HIGH7.3	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-29400	HIGH7.3	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.0% Low-Moderate Risk	Directly Exposed
CVE-2026-39821	MEDIUM6.97	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-68121	MEDIUM6.8	stdlib v1.15.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2022-30580	MEDIUM6.63	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	0.6% Theoretical Threat	Directly Exposed
CVE-2023-29403	MEDIUM6.63	stdlib v1.15.1 fixed in 1.19.10, 1.20.5	0.4% Theoretical Threat	Directly Exposed
CVE-2021-3114	MEDIUM6.5	stdlib v1.15.1 fixed in 1.14.14, 1.15.7	2.7% Low-Moderate Risk	Directly Exposed
CVE-2021-34558	MEDIUM6.5	stdlib v1.15.1 fixed in 1.15.14, 1.16.6	7.0% Low-Moderate Risk	Directly Exposed
CVE-2022-1705	MEDIUM6.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-32148	MEDIUM6.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-29406	MEDIUM6.5	stdlib v1.15.1 fixed in 1.19.11, 1.20.6	1.3% Low-Moderate Risk	Directly Exposed
CVE-2021-43565	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20211202192323-5770296d904e	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22869	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.35.0	0.9% Theoretical Threat	Directly Exposed
CVE-2025-47913	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.43.0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39829	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39830	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45338	MEDIUM6.38	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.33.0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.53.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-22868	MEDIUM6.38	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d fixed in 0.27.0	0.8% Theoretical Threat	Directly Exposed
CVE-2022-41716	MEDIUM6.38	stdlib v1.15.1 fixed in 1.18.8, 1.19.3	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58183	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42508	MEDIUM6.29	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45339	MEDIUM6.03	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b fixed in 1.2.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-46595	MEDIUM6.03	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2021-44716	MEDIUM6	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20211209124913-491a49abca63	4.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2021-38561	MEDIUM6	golang.org/x/text v0.3.6 fixed in 0.3.7	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2020-28362	MEDIUM6	stdlib v1.15.1 fixed in 1.14.12, 1.15.5	3.8% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2021-33198	MEDIUM6	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-47907	MEDIUM5.95	stdlib v1.15.1 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Directly Exposed
CVE-2021-31525	MEDIUM5.9	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20210428140749-89ef3d95e781	3.7% Low-Moderate Risk	Directly Exposed
CVE-2024-24786	MEDIUM5.9	google.golang.org/protobuf v1.25.0 fixed in 1.33.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2021-31525	MEDIUM5.9	stdlib v1.15.1 fixed in 1.15.12, 1.16.4	3.7% Low-Moderate Risk	Directly Exposed
CVE-2021-36221	MEDIUM5.9	stdlib v1.15.1 fixed in 1.15.15, 1.16.7	3.1% Low-Moderate Risk	Directly Exposed
CVE-2024-24791	MEDIUM5.9	stdlib v1.15.1 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.15.1 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2023-2253	MEDIUM5.52	github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.2-beta.1	0.9% Theoretical Threat	Directly Exposed
CVE-2026-35469	MEDIUM5.52	github.com/moby/spdystream v0.2.0 fixed in 0.5.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-24785	MEDIUM5.52	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.15.1 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.15.1 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24784	MEDIUM5.4	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41717	MEDIUM5.3	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.4.0	5.6% Low-Moderate Risk	Directly Exposed
CVE-2022-29526	MEDIUM5.3	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 fixed in 0.0.0-20220412211240-33da011f77ad	2.6% Low-Moderate Risk	Directly Exposed
CVE-2021-33197	MEDIUM5.3	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	2.3% Low-Moderate Risk	Directly Exposed
CVE-2022-29526	MEDIUM5.3	stdlib v1.15.1 fixed in 1.17.10, 1.18.2	2.6% Low-Moderate Risk	Directly Exposed
CVE-2022-41717	MEDIUM5.3	stdlib v1.15.1 fixed in 1.18.9, 1.19.4	5.6% Low-Moderate Risk	Directly Exposed
CVE-2023-29409	MEDIUM5.3	stdlib v1.15.1 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-39326	MEDIUM5.3	stdlib v1.15.1 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-45289	MEDIUM5.3	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-45290	MEDIUM5.3	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-3978	MEDIUM5.18	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.13.0	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39318	MEDIUM5.18	stdlib v1.15.1 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39319	MEDIUM5.18	stdlib v1.15.1 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24783	MEDIUM5.02	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.15.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2021-44717	MEDIUM4.8	stdlib v1.15.1 fixed in 1.16.12, 1.17.5	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-1962	MEDIUM4.67	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	0.9% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.15.1 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.15.1 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-46598	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47911	MEDIUM4.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58190	MEDIUM4.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2023-24532	MEDIUM4.5	stdlib v1.15.1 fixed in 1.19.7, 1.20.2	0.8% Theoretical Threat	Directly Exposed
CVE-2023-45284	MEDIUM4.5	stdlib v1.15.1 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.15.1 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.15.1 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2024-28180	MEDIUM4.3	gopkg.in/square/go-jose.v2 v2.4.1 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.15.1 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.15.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45337	LOW2.95	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.31.0	3.1% Low-Moderate Risk	Post-Exploit
CVE-2023-48795	LOW2.76	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.17.0	93.3% Actively Exploited	Post-Exploit
CVE-2021-33194	LOW2.7	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20210520170846-37e1c6afe023	7.5% Low-Moderate Risk	Post-Exploit
CVE-2021-27918	LOW2.7	stdlib v1.15.1 fixed in 1.15.9, 1.16.1	2.5% Low-Moderate Risk	Post-Exploit
CVE-2021-33196	LOW2.7	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.5% Low-Moderate Risk	Post-Exploit
CVE-2021-39293	LOW2.7	stdlib v1.15.1 fixed in 1.16.8, 1.17.1	6.9% Low-Moderate Risk	Post-Exploit
CVE-2021-41771	LOW2.7	stdlib v1.15.1 fixed in 1.16.10, 1.17.3	4.4% Low-Moderate Risk	Post-Exploit
CVE-2021-41772	LOW2.7	stdlib v1.15.1 fixed in 1.16.10, 1.17.3	3.1% Low-Moderate Risk	Post-Exploit
CVE-2022-30629	LOW2.63	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	0.9% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
GHSA-qq97-vm5h-rrhg	NONE0	github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.0	—	Not Applicable
CVE-2026-39827	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2022-30636	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20220525230936-793ad666bf5e	0.6% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.15.1 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable