Vulnerability Reportkubernetesui/dashboard:v2.3.1

kubernetesui/dashboard:v2.3.1

DIGESTsha256:e5848489963be532ec39d454ce509f2300ed8d3470bdfb8419be5d3a982bb09a

Executive Summary

Threat ScoreDANGEROUS• Critical vulnerabilities with CVSS scores up to 9.8, including CVE-2023-24538 and CVE-2023-24540 allowing remote code execution via template injection.• CVE-2023-45288 (9.75) enables denial of service via HTTP/2 CONTINUATION frames with active exploitation (EPSS 0.919).• CVE-2022-1996 (9.1) allows authorization bypass in the go-restful framework, compromising the dashboard's access controls.• Over 176 exposed vulnerabilities, with 83 at high severity (≥6.0) and 48 critical (≥7.0).• Insecure startup configuration binds to all interfaces without encryption.

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1172M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit template injection vulnerabilities (CVE-2023-24538 and CVE-2023-24540) to execute arbitrary JavaScript, bypass authorization via CVE-2022-1996, or cause denial of service via CVE-2023-45288, leading to full compromise of the Kubernetes dashboard and potential access to the cluster. The container is configured to listen on all interfaces without encryption, exacerbating the risk.

Vulnerabilities

Vulnerability Log

178 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-24538	CRITICAL9.8	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	2.3% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2023-24540	CRITICAL9.8	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2023-45288	CRITICAL9.75	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.23.0	92.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2023-45288	CRITICAL9.75	stdlib v1.15.1 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2022-1996	CRITICAL9.1	github.com/emicklei/go-restful/v3 v3.3.3 fixed in 3.8.0	2.7% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2024-24790	HIGH7.84	stdlib v1.15.1 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2022-21698	HIGH7.5	github.com/prometheus/client_golang v1.10.0 fixed in 1.11.1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2022-27191	HIGH7.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20220314234659-1baeb1ce4c0b	3.9% Low-Moderate Risk	Directly Exposed
CVE-2021-44716	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20211209124913-491a49abca63	4.0% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2022-27664	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20220906165146-f3363e06e74c	2.5% Low-Moderate Risk	Directly Exposed
CVE-2022-41723	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.7.0	4.6% Low-Moderate Risk	Directly Exposed
CVE-2023-39325	HIGH7.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.17.0	3.8% Low-Moderate Risk	Directly Exposed
CVE-2022-32149	HIGH7.5	golang.org/x/text v0.3.6 fixed in 0.3.8	1.4% Low-Moderate Risk	Directly Exposed
CVE-2021-44716	HIGH7.5	stdlib v1.15.1 fixed in 1.16.12, 1.17.5	4.0% Low-Moderate Risk	Directly Exposed
CVE-2022-23772	HIGH7.5	stdlib v1.15.1 fixed in 1.16.14, 1.17.7	2.8% Low-Moderate Risk	Directly Exposed
CVE-2022-24675	HIGH7.5	stdlib v1.15.1 fixed in 1.17.9, 1.18.1	5.3% Low-Moderate Risk	Directly Exposed
CVE-2022-24921	HIGH7.5	stdlib v1.15.1 fixed in 1.16.15, 1.17.8	3.2% Low-Moderate Risk	Directly Exposed
CVE-2022-27664	HIGH7.5	stdlib v1.15.1 fixed in 1.18.6, 1.19.1	2.5% Low-Moderate Risk	Directly Exposed
CVE-2022-28131	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-28327	HIGH7.5	stdlib v1.15.1 fixed in 1.17.9, 1.18.1	3.9% Low-Moderate Risk	Directly Exposed
CVE-2022-2879	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.5% Low-Moderate Risk	Directly Exposed
CVE-2022-2880	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-29804	HIGH7.5	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-30630	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30631	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30632	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30633	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30634	HIGH7.5	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	1.6% Low-Moderate Risk	Directly Exposed
CVE-2022-30635	HIGH7.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.4% Low-Moderate Risk	Directly Exposed
CVE-2022-32189	HIGH7.5	stdlib v1.15.1 fixed in 1.17.13, 1.18.5	2.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41715	HIGH7.5	stdlib v1.15.1 fixed in 1.18.7, 1.19.2	1.3% Low-Moderate Risk	Directly Exposed
CVE-2022-41720	HIGH7.5	stdlib v1.15.1 fixed in 1.18.9, 1.19.4	1.2% Low-Moderate Risk	Directly Exposed
CVE-2022-41722	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2022-41723	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	4.6% Low-Moderate Risk	Directly Exposed
CVE-2022-41724	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-41725	HIGH7.5	stdlib v1.15.1 fixed in 1.19.6, 1.20.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-24534	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.9% Low-Moderate Risk	Directly Exposed
CVE-2023-24536	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.5% Low-Moderate Risk	Directly Exposed
CVE-2023-24537	HIGH7.5	stdlib v1.15.1 fixed in 1.19.8, 1.20.3	1.4% Low-Moderate Risk	Directly Exposed
CVE-2023-39325	HIGH7.5	stdlib v1.15.1 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Directly Exposed
CVE-2023-45283	HIGH7.5	stdlib v1.15.1 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Directly Exposed
CVE-2023-45287	HIGH7.5	stdlib v1.15.1 fixed in 1.20.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-34156	HIGH7.5	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-39828	HIGH7.48	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Directly Exposed
CVE-2021-33195	HIGH7.3	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.2% Low-Moderate Risk	Directly Exposed
CVE-2023-24539	HIGH7.3	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-29400	HIGH7.3	stdlib v1.15.1 fixed in 1.19.9, 1.20.4	1.0% Low-Moderate Risk	Directly Exposed
CVE-2022-23806	HIGH7.28	stdlib v1.15.1 fixed in 1.16.14, 1.17.7	3.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-39821	MEDIUM6.97	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-68121	MEDIUM6.8	stdlib v1.15.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2022-30580	MEDIUM6.63	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	0.6% Theoretical Threat	Directly Exposed
CVE-2023-29403	MEDIUM6.63	stdlib v1.15.1 fixed in 1.19.10, 1.20.5	0.4% Theoretical Threat	Directly Exposed
CVE-2021-3114	MEDIUM6.5	stdlib v1.15.1 fixed in 1.14.14, 1.15.7	2.7% Low-Moderate Risk	Directly Exposed
CVE-2021-34558	MEDIUM6.5	stdlib v1.15.1 fixed in 1.15.14, 1.16.6	7.0% Low-Moderate Risk	Directly Exposed
CVE-2022-1705	MEDIUM6.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.1% Low-Moderate Risk	Directly Exposed
CVE-2022-32148	MEDIUM6.5	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-29406	MEDIUM6.5	stdlib v1.15.1 fixed in 1.19.11, 1.20.6	1.3% Low-Moderate Risk	Directly Exposed
CVE-2021-43565	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20211202192323-5770296d904e	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22869	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.35.0	0.9% Theoretical Threat	Directly Exposed
CVE-2025-47913	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.43.0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39829	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39830	MEDIUM6.38	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45338	MEDIUM6.38	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.33.0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.53.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-22868	MEDIUM6.38	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d fixed in 0.27.0	0.8% Theoretical Threat	Directly Exposed
CVE-2022-41716	MEDIUM6.38	stdlib v1.15.1 fixed in 1.18.8, 1.19.3	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33811	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33814	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-39820	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly Exposed
CVE-2026-39836	MEDIUM6.38	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly Exposed
CVE-2025-58183	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42508	MEDIUM6.29	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45339	MEDIUM6.03	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b fixed in 1.2.4	0.3% Theoretical Threat	Directly Exposed
CVE-2026-46595	MEDIUM6.03	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Directly Exposed
CVE-2021-38561	MEDIUM6	golang.org/x/text v0.3.6 fixed in 0.3.7	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2020-28362	MEDIUM6	stdlib v1.15.1 fixed in 1.14.12, 1.15.5	3.8% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-47907	MEDIUM5.95	stdlib v1.15.1 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Directly Exposed
CVE-2021-31525	MEDIUM5.9	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20210428140749-89ef3d95e781	3.7% Low-Moderate Risk	Directly Exposed
CVE-2024-24786	MEDIUM5.9	google.golang.org/protobuf v1.25.0 fixed in 1.33.0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2021-31525	MEDIUM5.9	stdlib v1.15.1 fixed in 1.15.12, 1.16.4	3.7% Low-Moderate Risk	Directly Exposed
CVE-2021-36221	MEDIUM5.9	stdlib v1.15.1 fixed in 1.15.15, 1.16.7	3.1% Low-Moderate Risk	Directly Exposed
CVE-2024-24791	MEDIUM5.9	stdlib v1.15.1 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.15.1 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2023-2253	MEDIUM5.52	github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.2-beta.1	0.9% Theoretical Threat	Directly Exposed
CVE-2026-35469	MEDIUM5.52	github.com/moby/spdystream v0.2.0 fixed in 0.5.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.38.0	0.4% Theoretical Threat	Directly Exposed
CVE-2024-24785	MEDIUM5.52	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.15.1 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.15.1 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24784	MEDIUM5.4	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2022-41717	MEDIUM5.3	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.4.0	5.6% Low-Moderate Risk	Directly Exposed
CVE-2022-29526	MEDIUM5.3	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 fixed in 0.0.0-20220412211240-33da011f77ad	2.6% Low-Moderate Risk	Directly Exposed
CVE-2021-33197	MEDIUM5.3	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	2.3% Low-Moderate Risk	Directly Exposed
CVE-2022-29526	MEDIUM5.3	stdlib v1.15.1 fixed in 1.17.10, 1.18.2	2.6% Low-Moderate Risk	Directly Exposed
CVE-2022-41717	MEDIUM5.3	stdlib v1.15.1 fixed in 1.18.9, 1.19.4	5.6% Low-Moderate Risk	Directly Exposed
CVE-2023-29409	MEDIUM5.3	stdlib v1.15.1 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-39326	MEDIUM5.3	stdlib v1.15.1 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-45289	MEDIUM5.3	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-45290	MEDIUM5.3	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-3978	MEDIUM5.18	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.13.0	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39318	MEDIUM5.18	stdlib v1.15.1 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39319	MEDIUM5.18	stdlib v1.15.1 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24783	MEDIUM5.02	stdlib v1.15.1 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.15.1 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.15.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2021-44717	MEDIUM4.8	stdlib v1.15.1 fixed in 1.16.12, 1.17.5	1.9% Low-Moderate Risk	Directly Exposed
CVE-2022-1962	MEDIUM4.67	stdlib v1.15.1 fixed in 1.17.12, 1.18.4	0.9% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.15.1 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.15.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.15.1 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2021-33194	MEDIUM4.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.0.0-20210520170846-37e1c6afe023	7.5% Low-Moderate Risk	Directly Exposed
CVE-2021-27918	MEDIUM4.5	stdlib v1.15.1 fixed in 1.15.9, 1.16.1	2.5% Low-Moderate Risk	Directly Exposed
CVE-2021-33196	MEDIUM4.5	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.5% Low-Moderate Risk	Directly Exposed
CVE-2021-33198	MEDIUM4.5	stdlib v1.15.1 fixed in 1.15.13, 1.16.5	3.4% Low-Moderate Risk	Directly Exposed
CVE-2021-39293	MEDIUM4.5	stdlib v1.15.1 fixed in 1.16.8, 1.17.1	6.9% Low-Moderate Risk	Directly Exposed
CVE-2021-41771	MEDIUM4.5	stdlib v1.15.1 fixed in 1.16.10, 1.17.3	4.4% Low-Moderate Risk	Directly Exposed
CVE-2021-41772	MEDIUM4.5	stdlib v1.15.1 fixed in 1.16.10, 1.17.3	3.1% Low-Moderate Risk	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-46598	MEDIUM4.5	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-47911	MEDIUM4.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58190	MEDIUM4.5	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2023-24532	MEDIUM4.5	stdlib v1.15.1 fixed in 1.19.7, 1.20.2	0.8% Theoretical Threat	Directly Exposed
CVE-2023-45284	MEDIUM4.5	stdlib v1.15.1 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.15.1 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.15.1 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.15.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2024-28180	MEDIUM4.3	gopkg.in/square/go-jose.v2 v2.4.1 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.15.1 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.15.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45337	LOW2.95	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.31.0	3.1% Low-Moderate Risk	Post-Exploit
CVE-2023-48795	LOW2.76	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.17.0	93.3% Actively Exploited	Post-Exploit
CVE-2022-30629	LOW2.63	stdlib v1.15.1 fixed in 1.17.11, 1.18.3	0.9% Theoretical Threat	Directly Exposed
CVE-2026-27139	LOW2.12	stdlib v1.15.1 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
GHSA-qq97-vm5h-rrhg	NONE0	github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.0	—	Not Applicable
CVE-2026-39827	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2022-30636	NONE0	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 fixed in 0.0.0-20220525230936-793ad666bf5e	0.6% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.15.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.15.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.15.1 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable