Vulnerability Reportmaven:4.0.0-rc-5-amazoncorretto-21

maven:4.0.0-rc-5-amazoncorretto-21

DIGESTsha256:3d6f0dac51a7467ed6012f4fbf6732dc50cd2a94402f10afd6fdc740c0ce19be

Executive Summary

Threat ScoreSAFE• Official Docker Hub image with high trust score (100) and pinned by digest• All vulnerabilities have low severity (max 5.98) and minimal impact• No exposed or post-exploit vulnerabilities listed with CVEs

0/100SAFE

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image is safe for production use. The single low-severity vulnerability (max CVSS 5.98) and one post-exploit finding (max CVSS 2.78) pose no practical risk, especially given the trusted official source and immutable digest. No CVE IDs were reported in the top findings.

Vulnerabilities

Vulnerability Log

2 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-67030	MEDIUM5.98	org.codehaus.plexus:plexus-utils 4.0.2 fixed in 4.0.3, 3.6.1	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-7598	LOW2.78	libssh2 1.4.3-12.amzn2.2.6 fixed in 1.4.3-12.amzn2.2.7	0.4% Theoretical Threat	Post-Exploit