Vulnerability Reportlogstash:9.3.5

logstash:9.3.5

DIGESTsha256:99c7737fee9e1b32edcd81174ff8246297a2cb3e1b2e3ba436b70a6046dbc447

Executive Summary

Threat ScoreCAUTION• 101 total exposed vulnerabilities, including 2 high-severity (max severity 7.73) and 6 medium-severity.• CVE-2026-33210 (severity 7.73) enables denial of service or information disclosure via crafted JSON input.• CVE-2025-27113 (severity 7.5) causes denial of service via libxml2 pattern matching.• CVE-2026-50010 (severity 6.38) bypasses TLS hostname verification in Netty, enabling MITM attacks.• Image is official and pinned by digest, providing supply chain assurance.

74/100CAUTION

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via crafted JSON or XML payloads, or bypass TLS hostname verification to intercept data sent to Elasticsearch. Note: CVE-2026-33210 only applies when the allow_duplicate_key: false option is used for JSON parsing; CVE-2026-50010 only affects deployments using a custom X509TrustManager for TLS connections.

Vulnerabilities

Vulnerability Log

166 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33210	HIGH7.73	json 2.18.1 fixed in ~> 2.15.2.1, ~> 2.17.1.2, >= 2.19.2	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-27113	HIGH7.5	libxml2 2.9.13-14.el9_7 No fix yet	1.0% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2026-6732	MEDIUM6.38	libxml2 2.9.13-14.el9_7 No fix yet	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.1.134.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.1.134.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-5588	MEDIUM6.38	org.bouncycastle:bcpkix-jdk18on 1.79 fixed in 1.84	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-44604	MEDIUM5.95	rpm-libs 4.16.1.3-40.el9 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.9	libtasn1 4.16.0-9.el9 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2026-22185	MEDIUM5.78	openldap 2.6.8-4.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-4105	MEDIUM5.7	systemd-libs 252-67.el9_8.2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2025-5915	MEDIUM5.61	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5918	MEDIUM5.61	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4426	MEDIUM5.52	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9149	MEDIUM5.52	libsolv 0.7.24-5.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9150	MEDIUM5.52	libsolv 0.7.24-5.el9_8 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider 3.0.7-8.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider-so 3.0.7-8.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.79 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM5.5	io.netty:netty-handler 4.1.134.Final fixed in 4.2.15.Final, 4.1.135.Final	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.13-14.el9_7 No fix yet	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-1757	MEDIUM5.27	libxml2 2.9.13-14.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41989	MEDIUM5.1	libgcrypt 1.10.0-11.el9 No fix yet	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	glibc 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-common 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-0990	MEDIUM5.02	libxml2 2.9.13-14.el9_7 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider 3.0.7-8.el9 fixed in 3.0.7-11.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider-so 3.0.7-8.el9 fixed in 3.0.7-11.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5916	MEDIUM4.76	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2024-41996	MEDIUM4.72	openssl-libs 1:3.5.5-4.el9_8 No fix yet	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-60753	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5745	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-1632	MEDIUM4.67	libarchive 3.5.3-9.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libstdc++ 11.5.0-14.el9 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++ 11.5.0-14.el9 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2024-0232	MEDIUM4.67	sqlite-libs 3.34.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-40.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1489	MEDIUM4.59	glib2 2.68.4-19.el9_8.1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-30571	MEDIUM4.5	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.2.5-8.el9_0 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.1.134.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.8-11.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.34-270.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	krb5-libs 1.21.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-5917	MEDIUM4.25	libarchive 3.5.3-9.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM4.13	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid 2.37.4-25.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2023-32636	LOW3.83	glib2 2.68.4-19.el9_8.1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	LOW3.83	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	LOW3.83	openssl-libs 1:3.5.5-4.el9_8 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-5773	LOW3.82	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW3.82	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW3.82	openssl 1:3.5.5-4.el9_8 No fix yet	0.8% Theoretical Threat	Post-Exploit
CVE-2023-4156	LOW3.62	gawk 5.1.0-6.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2005-2541	LOW3.6	tar 2:1.34-11.el9 No fix yet	4.0% Low-Moderate Risk	Post-Exploit
CVE-2026-44604	LOW3.57	rpm 4.16.1.3-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-1484	LOW3.57	glib2 2.68.4-19.el9_8.1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-11053	LOW3.54	curl-minimal 7.76.1-40.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW3.54	libcurl-minimal 7.76.1-40.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-41996	LOW3.54	openssl 1:3.5.5-4.el9_8 No fix yet	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-13034	LOW3.47	curl-minimal 7.76.1-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	libcurl-minimal 7.76.1-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	libcurl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2023-45322	LOW3.31	libxml2 2.9.13-14.el9_7 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-2673	LOW3.31	openssl 1:3.5.5-4.el9_8 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33056	LOW3.31	tar 2:1.34-11.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl-minimal 7.76.1-40.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl-minimal 7.76.1-40.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.8-10.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-3360	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-7039	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0988	LOW3.15	glib2 2.68.4-19.el9_8.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0989	LOW3.15	libxml2 2.9.13-14.el9_7 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	openssl-libs 1:3.5.5-4.el9_8 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-31789	LOW3	openssl 1:3.5.5-4.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-24883	LOW2.8	gnupg2 2.3.3-5.el9_7 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 2:1.34-11.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41990	LOW2.8	libgcrypt 1.10.0-11.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-70873	LOW2.8	sqlite-libs 3.34.1-10.el9_8 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4873	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2024-7264	LOW2.69	curl-minimal 7.76.1-40.el9 No fix yet	16.2% High Exploitation Risk	Post-Exploit
CVE-2024-7264	LOW2.69	libcurl-minimal 7.76.1-40.el9 No fix yet	16.2% High Exploitation Risk	Post-Exploit
CVE-2025-15079	LOW2.48	curl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	libcurl-minimal 7.76.1-40.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	openssl 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-41316	LOW2.48	erb 2.2.3 fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	0.5% Theoretical Threat	Post-Exploit
CVE-2026-0992	LOW2.46	libxml2 2.9.13-14.el9_7 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-14017	LOW2.45	curl-minimal 7.76.1-40.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl-minimal 7.76.1-40.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg2 2.3.3-5.el9_7 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-30258	LOW2.4	gnupg2 2.3.3-5.el9_7 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	libcurl-minimal 7.76.1-40.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-13176	LOW2.4	openssl 1:3.5.5-4.el9_8 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2025-64118	LOW2.4	tar 2:1.34-11.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2026-48864	LOW2.39	libsolv 0.7.24-5.el9_8 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1485	LOW2.38	glib2 2.68.4-19.el9_8.1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2024-9681	LOW2.34	curl-minimal 7.76.1-40.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-9681	LOW2.34	libcurl-minimal 7.76.1-40.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2026-28388	LOW2.29	openssl 1:3.5.5-4.el9_8 No fix yet	0.9% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2022-41409	LOW2.29	pcre2-syntax 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils-single 8.32-40.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-6170	LOW2.12	libxml2 2.9.13-14.el9_7 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW1.86	openssl 1:3.5.5-4.el9_8 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	gnupg2 2.3.3-5.el9_7 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-39804	LOW1.68	tar 2:1.34-11.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2023-50495	NONE0	ncurses-base 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.2-12.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.16.2 fixed in 2.21.1, 2.18.6	—	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-54904	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54905	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54906	NONE0	concurrent-ruby 1.1.9 fixed in >= 1.3.7	—	Not Applicable
CVE-2026-54297	NONE0	faraday 2.14.2 fixed in >= 2.14.3	—	Not Applicable
CVE-2026-47240	NONE0	net-imap 0.5.14 fixed in ~> 0.5.15, >= 0.6.4.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-47242	NONE0	net-imap 0.5.14 fixed in ~> 0.5.15, >= 0.6.4.1	0.1% Theoretical Threat	Not Applicable
CVE-2026-47241	NONE0	net-imap 0.5.14 fixed in ~> 0.5.15, >= 0.6.4.1	0.2% Theoretical Threat	Not Applicable
GHSA-c4rq-3m3g-8wgx	NONE0	nokogiri 1.18.10 fixed in >= 1.19.3	—	Not Applicable
GHSA-5prr-v3j2-97mh	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-v2fc-qm4h-8hqv	NONE0	nokogiri 1.18.10 fixed in >= 1.19.3	—	Not Applicable
GHSA-wx95-c6cv-8532	NONE0	nokogiri 1.18.10 fixed in >= 1.19.1	—	Not Applicable
GHSA-5v8h-3h3q-446p	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-8678-w3jw-xfc2	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-9cv2-cfxc-v4v2	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-p67v-3w7g-wjg7	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-phwj-rprq-35pp	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-wfpw-mmfh-qq69	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
GHSA-wjv4-x9w8-wm3h	NONE0	nokogiri 1.18.10 fixed in >= 1.19.4	—	Not Applicable
CVE-2026-47736	NONE0	puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable
CVE-2026-47737	NONE0	puma 6.6.1 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable