Vulnerability Reportmetasploitframework/metasploit-framework:6.3.34

metasploitframework/metasploit-framework:6.3.34

DIGESTsha256:4818a53ec8d1709cbd3b9d38318677db619af68b20a6ca35c21fc7b366a16501

Executive Summary

Threat ScoreDANGEROUS• Image contains 137 known vulnerabilities, including 6 with severity >=7.0.• Critical buffer overflow in zlib (CVE-2026-27820, CVSS 8.33) can lead to remote code execution when processing crafted gzip data.• Additional high-severity vulnerabilities such as HTTP/2 Rapid Reset (CVE-2023-44487) and Werkzeug resource exhaustion (CVE-2024-49767) pose denial-of-service risks.• Image is community-maintained and unverified, lacking official security assurances.• Default use as a penetration testing tool increases exposure to attack surfaces.

100/100DANGEROUS

ReputationCOMMUNITY• Community Image with low/unknown reputation• Pinned by digest (Immutable)

UNVERIFIED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could execute arbitrary code via the zlib buffer overflow (CVE-2026-27820) or cause denial of service through HTTP/2 Rapid Reset (CVE-2023-44487). The image contains 137 known vulnerabilities and is from an unverified community source. Disabling HTTP/2 in any web services would fully mitigate CVE-2023-44487.

Vulnerabilities

Vulnerability Log

231 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-27820	HIGH8.33	zlib 2.0.0 fixed in ~> 3.0.1, ~> 3.1.2, >= 3.2.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2023-44487	HIGH7.8	nghttp2-libs 1.46.0-r1 fixed in 1.46.0-r2	100.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2024-49767	HIGH7.5	Werkzeug 2.3.7 fixed in 3.0.6	1.1% Low-Moderate Risk	Directly Exposed
CVE-2025-27610	HIGH7.5	rack 2.2.7 fixed in ~> 2.2.13, ~> 3.0.14, >= 3.1.12	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-56201	HIGH7.48	Jinja2 3.1.2 fixed in 3.1.5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-27516	HIGH7.48	Jinja2 3.1.2 fixed in 3.1.6	0.5% Theoretical Threat	Directly Exposed
CVE-2024-25126	MEDIUM6.9	rack 2.2.7 fixed in ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	35.4% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-41316	MEDIUM6.88	erb 2.2.0 fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	0.5% Theoretical Threat	Directly Exposed
CVE-2024-28103	MEDIUM6.66	actionpack 7.0.5 fixed in ~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42257	MEDIUM6.66	net-imap 0.1.1 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42258	MEDIUM6.66	net-imap 0.1.1 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42257	MEDIUM6.66	net-imap 0.3.7 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42258	MEDIUM6.66	net-imap 0.3.7 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2023-40175	MEDIUM6.66	puma 6.3.0 fixed in ~> 5.6.7, >= 6.3.1	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-25184	MEDIUM6.5	rack 2.2.7 fixed in ~> 2.2.11, ~> 3.0.12, >= 3.1.10	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-43804	MEDIUM6.48	py3-urllib3 1.26.7-r0 fixed in 1.26.17-r0	1.2% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-26130	MEDIUM6.38	cryptography 41.0.3 fixed in 42.0.4	0.8% Theoretical Threat	Directly Exposed
CVE-2023-49083	MEDIUM6.38	cryptography 41.0.3 fixed in 41.0.6	1.0% Theoretical Threat	Directly Exposed
CVE-2026-30922	MEDIUM6.38	pyasn1 0.5.0 fixed in 0.6.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33176	MEDIUM6.38	activesupport 7.0.5 fixed in ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33306	MEDIUM6.38	bcrypt 3.1.18 fixed in >= 3.1.22	0.2% Theoretical Threat	Directly Exposed
CVE-2025-27219	MEDIUM6.38	cgi 0.2.2 fixed in ~> 0.3.5.1, ~> 0.3.7, >= 0.4.2	0.8% Theoretical Threat	Directly Exposed
CVE-2025-27220	MEDIUM6.38	cgi 0.2.2 fixed in ~> 0.3.5.1, ~> 0.3.7, >= 0.4.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42245	MEDIUM6.38	net-imap 0.1.1 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42245	MEDIUM6.38	net-imap 0.3.7 fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2024-21647	MEDIUM6.38	puma 6.3.0 fixed in ~> 5.6.8, >= 6.4.2	1.0% Theoretical Threat	Directly Exposed
CVE-2025-27111	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.12, ~> 3.0.13, >= 3.1.11	0.7% Theoretical Threat	Directly Exposed
CVE-2025-46727	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.14, ~> 3.0.16, >= 3.1.14	0.9% Theoretical Threat	Directly Exposed
CVE-2025-59830	MEDIUM6.38	rack 2.2.7 fixed in >= 2.2.18	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61770	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.19, ~> 3.1.17, >= 3.2.2	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61771	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.19, ~> 3.1.17, >= 3.2.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61919	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.20, ~> 3.1.18, >= 3.2.3	0.6% Theoretical Threat	Directly Exposed
CVE-2026-22860	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.22, ~> 3.1.20, >= 3.2.5	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34785	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34829	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34230	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34826	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34830	MEDIUM6.38	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.2% Theoretical Threat	Directly Exposed
CVE-2025-61921	MEDIUM6.38	sinatra 3.0.6 fixed in >= 4.2.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61594	MEDIUM6.38	uri 0.10.1 fixed in ~> 0.12.5, ~> 0.13.3, >= 1.0.4	0.5% Theoretical Threat	Directly Exposed
CVE-2024-47220	MEDIUM6.38	webrick 1.8.1 fixed in >= 1.8.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-12790	MEDIUM6.29	mqtt 0.6.0 fixed in >= 0.7.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42246	MEDIUM6.29	net-imap 0.1.1 fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42246	MEDIUM6.29	net-imap 0.3.7 fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	0.4% Theoretical Threat	Directly Exposed
CVE-2024-26143	MEDIUM6.1	actionpack 7.0.5 fixed in ~> 7.0.8, >= 7.0.8.1, >= 7.1.3.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-50782	MEDIUM6	cryptography 41.0.3 fixed in 42.0.0	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-26141	MEDIUM6	rack 2.2.7 fixed in ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	1.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-26146	MEDIUM6	rack 2.2.7 fixed in ~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-49761	MEDIUM6	rexml 3.2.5 fixed in >= 3.3.9	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-41123	MEDIUM6	rexml 3.2.5 fixed in >= 3.3.3	1.3% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-41946	MEDIUM6	rexml 3.2.5 fixed in >= 3.3.3	1.2% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2023-29483	MEDIUM5.9	dnspython 2.4.2 fixed in 2.6.1	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-43398	MEDIUM5.9	rexml 3.2.5 fixed in >= 3.3.6	1.2% Low-Moderate Risk	Directly Exposed
CVE-2026-26007	MEDIUM5.52	cryptography 41.0.3 fixed in 46.0.5	0.2% Theoretical Threat	Directly Exposed
CVE-2026-35611	MEDIUM5.52	addressable 2.8.4 fixed in >= 2.9.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33637	MEDIUM5.52	faraday 2.7.6 fixed in >= 2.14.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-43857	MEDIUM5.52	net-imap 0.1.1 fixed in ~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7	0.4% Theoretical Threat	Directly Exposed
CVE-2025-25186	MEDIUM5.52	net-imap 0.3.7 fixed in ~> 0.3.8, ~> 0.4.19, >= 0.5.6	0.6% Theoretical Threat	Directly Exposed
CVE-2025-43857	MEDIUM5.52	net-imap 0.3.7 fixed in ~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34786	MEDIUM5.52	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34831	MEDIUM5.52	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.1% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM5.5	cryptography 41.0.3 fixed in 42.0.2	3.2% Low-Moderate Risk	Directly Exposed
CVE-2024-56326	MEDIUM5.35	Jinja2 3.1.2 fixed in 3.1.5	0.5% Theoretical Threat	Directly Exposed
CVE-2023-5678	MEDIUM5.3	libcrypto1.1 1.1.1v-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Directly Exposed
CVE-2023-5678	MEDIUM5.3	libssl1.1 1.1.1v-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Directly Exposed
CVE-2023-5678	MEDIUM5.3	openssl-dev 1.1.1v-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Directly Exposed
CVE-2024-35176	MEDIUM5.3	rexml 3.2.5 fixed in >= 3.2.7	2.1% Low-Moderate Risk	Directly Exposed
CVE-2023-28756	MEDIUM5.3	time 0.1.0 fixed in ~> 0.1.1, >= 0.2.2	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-28755	MEDIUM5.3	uri 0.10.1 fixed in ~> 0.10.0.1, ~> 0.10.2, ~> 0.11.1, >= 0.12.1	2.6% Low-Moderate Risk	Directly Exposed
CVE-2023-36617	MEDIUM5.3	uri 0.10.1 fixed in ~> 0.10.0.3, ~> 0.10.3, ~> 0.11.2, >= 0.12.2	1.5% Low-Moderate Risk	Directly Exposed
CVE-2024-5569	MEDIUM5.27	zipp 3.16.2 fixed in 3.19.1	0.2% Theoretical Threat	Directly Exposed
CVE-2024-22195	MEDIUM5.18	Jinja2 3.1.2 fixed in 3.1.3	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33170	MEDIUM5.18	activesupport 7.0.5 fixed in ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	0.3% Theoretical Threat	Directly Exposed
CVE-2024-53985	MEDIUM5.18	rails-html-sanitizer 1.6.0 fixed in >= 1.6.1	0.6% Theoretical Threat	Directly Exposed
CVE-2024-53986	MEDIUM5.18	rails-html-sanitizer 1.6.0 fixed in >= 1.6.1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-53987	MEDIUM5.18	rails-html-sanitizer 1.6.0 fixed in >= 1.6.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-53988	MEDIUM5.18	rails-html-sanitizer 1.6.0 fixed in >= 1.6.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-53989	MEDIUM5.18	rails-html-sanitizer 1.6.0 fixed in >= 1.6.1	0.5% Theoretical Threat	Directly Exposed
CVE-2023-52323	MEDIUM5.02	pycryptodomex 3.18.0 fixed in 3.19.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-6442	MEDIUM5.02	webrick 1.8.1 fixed in >= 1.8.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-25765	MEDIUM4.93	faraday 2.7.6 fixed in ~> 1.10.5, >= 2.14.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-34064	MEDIUM4.59	Jinja2 3.1.2 fixed in 3.1.4	1.0% Theoretical Threat	Directly Exposed
CVE-2026-33168	MEDIUM4.59	actionview 7.0.5 fixed in ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	0.5% Theoretical Threat	Directly Exposed
CVE-2024-45614	MEDIUM4.59	puma 6.3.0 fixed in ~> 5.6.9, >= 6.4.3	0.7% Theoretical Threat	Directly Exposed
CVE-2026-25500	MEDIUM4.59	rack 2.2.7 fixed in ~> 2.2.22, ~> 3.1.20, >= 3.2.5	0.2% Theoretical Threat	Directly Exposed
CVE-2024-21510	MEDIUM4.59	sinatra 3.0.6 fixed in >= 4.1.0	0.5% Theoretical Threat	Directly Exposed
CVE-2023-38545	MEDIUM4.58	curl 8.2.1-r0 fixed in 8.4.0-r0	78.5% Actively Exploited	Post-Exploit
CVE-2023-38545	MEDIUM4.58	libcurl 8.2.1-r0 fixed in 8.4.0-r0	78.5% Actively Exploited	Post-Exploit
CVE-2024-49766	MEDIUM4.5	Werkzeug 2.3.7 fixed in 3.0.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-66221	MEDIUM4.5	Werkzeug 2.3.7 fixed in 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-21860	MEDIUM4.5	Werkzeug 2.3.7 fixed in 3.1.5	0.4% Theoretical Threat	Directly Exposed
CVE-2026-27199	MEDIUM4.5	Werkzeug 2.3.7 fixed in 3.1.6	0.6% Theoretical Threat	Directly Exposed
CVE-2026-34073	MEDIUM4.5	cryptography 41.0.3 fixed in 46.0.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27448	MEDIUM4.5	pyOpenSSL 23.2.0 fixed in 26.0.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-33169	MEDIUM4.5	activesupport 7.0.5 fixed in ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	0.5% Theoretical Threat	Directly Exposed
CVE-2025-14762	MEDIUM4.5	aws-sdk-s3 1.123.1 fixed in >= 1.208.0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-61772	MEDIUM4.5	rack 2.2.7 fixed in ~> 2.2.19, ~> 3.1.17, >= 3.2.2	0.8% Theoretical Threat	Directly Exposed
CVE-2025-61780	MEDIUM4.5	rack 2.2.7 fixed in ~> 2.2.20, ~> 3.1.18, >= 3.2.3	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34763	MEDIUM4.5	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.2% Theoretical Threat	Directly Exposed
CVE-2026-26961	MEDIUM4.5	rack 2.2.7 fixed in ~> 2.2.23, ~> 3.1.21, >= 3.2.6	0.3% Theoretical Threat	Directly Exposed
CVE-2025-24294	MEDIUM4.5	resolv 0.2.1 fixed in ~> 0.2.2, ~> 0.3.0, >= 0.6.1	0.5% Theoretical Threat	Directly Exposed
CVE-2025-27221	MEDIUM4.5	uri 0.10.1 fixed in ~> 0.11.3, ~> 0.12.4, ~> 0.13.2, >= 1.0.3	0.5% Theoretical Threat	Directly Exposed
CVE-2023-5870	MEDIUM4.4	libecpg 14.9-r0 fixed in 14.10-r0	2.6% Low-Moderate Risk	Directly Exposed
CVE-2023-5870	MEDIUM4.4	libpq 14.9-r0 fixed in 14.10-r0	2.6% Low-Moderate Risk	Directly Exposed
CVE-2023-5868	MEDIUM4.3	libecpg 14.9-r0 fixed in 14.10-r0	2.8% Low-Moderate Risk	Directly Exposed
CVE-2023-5868	MEDIUM4.3	libpq 14.9-r0 fixed in 14.10-r0	2.8% Low-Moderate Risk	Directly Exposed
CVE-2024-39908	MEDIUM4.3	rexml 3.2.5 fixed in >= 3.3.2	1.4% Low-Moderate Risk	Directly Exposed
CVE-2023-28362	MEDIUM4	actionpack 7.0.5 fixed in ~> 6.1.7.4, >= 7.0.5.1	0.3% Theoretical Threat	Directly Exposed
CVE-2024-41128	LOW3.7	actionpack 7.0.5 fixed in ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-47887	LOW3.7	actionpack 7.0.5 fixed in ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2026-27205	LOW3.65	Flask 2.3.3 fixed in 3.1.3	0.4% Theoretical Threat	Directly Exposed
CVE-2024-54133	LOW3.65	actionpack 7.0.5 fixed in ~> 7.0.8, >= 7.0.8.7, ~> 7.1.5, >= 7.1.5.1, ~> 7.2.2, >= 7.2.2.1, >= 8.0.0.1	1.0% Theoretical Threat	Directly Exposed
CVE-2025-55193	LOW3.65	activerecord 7.0.5 fixed in ~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1	0.5% Theoretical Threat	Directly Exposed
CVE-2023-45803	LOW3.57	py3-urllib3 1.26.7-r0 fixed in 1.26.18-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-32441	LOW3.57	rack 2.2.7 fixed in >= 2.2.14	0.2% Theoretical Threat	Directly Exposed
CVE-2023-38039	LOW3.51	curl 8.2.1-r0 fixed in 8.3.0-r0	63.8% Actively Exploited	Post-Exploit
CVE-2023-38039	LOW3.51	libcurl 8.2.1-r0 fixed in 8.3.0-r0	63.8% Actively Exploited	Post-Exploit
CVE-2023-46219	LOW3.18	curl 8.2.1-r0 fixed in 8.5.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-46219	LOW3.18	libcurl 8.2.1-r0 fixed in 8.5.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-5678	LOW3.18	openssl 1.1.1v-r0 fixed in 1.1.1w-r1	4.5% Low-Moderate Risk	Post-Exploit
CVE-2023-5869	LOW3.17	libecpg 14.9-r0 fixed in 14.10-r0	4.3% Low-Moderate Risk	Post-Exploit
CVE-2023-5869	LOW3.17	libpq 14.9-r0 fixed in 14.10-r0	4.3% Low-Moderate Risk	Post-Exploit
CVE-2020-36327	LOW3.17	bundler 2.1.4 fixed in = 2.2.10, >= 2.2.18	6.3% Low-Moderate Risk	Post-Exploit
CVE-2024-27280	LOW3.1	stringio 3.0.1 fixed in >= 3.0.1.1	2.4% Low-Moderate Risk	Directly Exposed
CVE-2026-27459	LOW3	pyOpenSSL 23.2.0 fixed in 26.0.0	0.5% Theoretical Threat	Post-Exploit
CVE-2024-58266	LOW3	shlex 1.1.0 fixed in 1.3.0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-6357	LOW2.96	pip 23.2.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2023-24056	LOW2.8	pkgconf 1.8.0-r0 fixed in 1.8.1-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-24049	LOW2.8	wheel 0.41.2 fixed in 0.46.2	0.3% Theoretical Threat	Post-Exploit
CVE-2023-4016	LOW2.8	libproc 3.3.17-r0 fixed in 3.3.17-r1	0.2% Theoretical Threat	Directly Exposed
CVE-2023-38037	LOW2.8	activesupport 7.0.5 fixed in ~> 6.1.7, >= 6.1.7.5, >= 7.0.7.1	0.3% Theoretical Threat	Directly Exposed
CVE-2024-34069	LOW2.7	Werkzeug 2.3.7 fixed in 3.0.3	3.4% Low-Moderate Risk	Post-Exploit
CVE-2023-46136	LOW2.7	Werkzeug 2.3.7 fixed in 3.0.1, 2.3.8	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-8869	LOW2.7	pip 23.2.1 fixed in 25.3	0.4% Theoretical Threat	Post-Exploit
CVE-2024-27281	LOW2.7	rdoc 6.3.3 fixed in ~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1	1.6% Low-Moderate Risk	Post-Exploit
CVE-2021-43809	LOW2.63	bundler 2.1.4 fixed in >= 2.2.33	2.8% Low-Moderate Risk	Post-Exploit
CVE-2026-3219	LOW2.55	pip 23.2.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2025-54314	LOW2.38	thor 1.2.2 fixed in >= 1.4.0	0.1% Theoretical Threat	Directly Exposed
CVE-2023-46218	LOW2.34	curl 8.2.1-r0 fixed in 8.5.0-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2023-46218	LOW2.34	libcurl 8.2.1-r0 fixed in 8.5.0-r0	1.7% Low-Moderate Risk	Post-Exploit
CVE-2026-41493	LOW2.29	yard 0.9.34 fixed in >= 0.9.42	0.4% Theoretical Threat	Post-Exploit
CVE-2023-38546	LOW2.22	curl 8.2.1-r0 fixed in 8.4.0-r0	6.2% Low-Moderate Risk	Post-Exploit
CVE-2023-38546	LOW2.22	libcurl 8.2.1-r0 fixed in 8.4.0-r0	6.2% Low-Moderate Risk	Post-Exploit
CVE-2024-27285	LOW2.2	yard 0.9.34 fixed in >= 0.9.36	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-1703	LOW1.99	pip 23.2.1 fixed in 26.0	0.4% Theoretical Threat	Post-Exploit
CVE-2023-4016	LOW1.68	procps 3.3.17-r0 fixed in 3.3.17-r1	0.2% Theoretical Threat	Post-Exploit
CVE-2023-5752	LOW1.68	pip 23.2.1 fixed in 23.3	0.5% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.21.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Not Applicable
CVE-2024-24790	NONE0	stdlib v1.21.1 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Not Applicable
CVE-2023-29491	NONE0	ncurses-libs 6.3_p20211120-r1 fixed in 6.3_p20211120-r2	0.9% Theoretical Threat	Not Applicable
CVE-2023-29491	NONE0	ncurses-terminfo-base 6.3_p20211120-r1 fixed in 6.3_p20211120-r2	0.9% Theoretical Threat	Not Applicable
CVE-2023-39325	NONE0	stdlib v1.21.1 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Not Applicable
CVE-2023-45283	NONE0	stdlib v1.21.1 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Not Applicable
CVE-2023-45288	NONE0	stdlib v1.21.1 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Not Applicable
CVE-2024-34156	NONE0	stdlib v1.21.1 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.21.1 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.21.1 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.21.1 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.21.1 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Not Applicable
CVE-2025-47907	NONE0	stdlib v1.21.1 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Not Applicable
CVE-2025-4673	NONE0	stdlib v1.21.1 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Not Applicable
CVE-2024-24785	NONE0	stdlib v1.21.1 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Not Applicable
CVE-2025-47906	NONE0	stdlib v1.21.1 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.21.1 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2024-24783	NONE0	stdlib v1.21.1 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Not Applicable
CVE-2024-24791	NONE0	stdlib v1.21.1 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Not Applicable
CVE-2024-34155	NONE0	stdlib v1.21.1 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Not Applicable
CVE-2024-34158	NONE0	stdlib v1.21.1 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Not Applicable
CVE-2024-45336	NONE0	stdlib v1.21.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Not Applicable
CVE-2024-24789	NONE0	stdlib v1.21.1 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.21.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2024-24784	NONE0	stdlib v1.21.1 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Not Applicable
CVE-2025-22871	NONE0	stdlib v1.21.1 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.21.1 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2023-39326	NONE0	stdlib v1.21.1 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Not Applicable
CVE-2023-45284	NONE0	stdlib v1.21.1 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Not Applicable
CVE-2023-45289	NONE0	stdlib v1.21.1 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Not Applicable
CVE-2023-45290	NONE0	stdlib v1.21.1 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Not Applicable
CVE-2025-22866	NONE0	stdlib v1.21.1 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Not Applicable
CVE-2025-22873	NONE0	stdlib v1.21.1 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.21.1 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.21.1 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.21.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-22870	NONE0	stdlib v1.21.1 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Not Applicable
CVE-2024-45341	NONE0	stdlib v1.21.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.21.1 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Not Applicable
GHSA-537c-gmf6-5ccf	NONE0	cryptography 41.0.3 fixed in 48.0.1	—	Not Applicable
GHSA-h4gh-qq45-vh27	NONE0	cryptography 41.0.3 fixed in 43.0.1	—	Not Applicable
GHSA-v8gr-m533-ghj9	NONE0	cryptography 41.0.3 fixed in 41.0.4	—	Not Applicable
CVE-2026-47240	NONE0	net-imap 0.1.1 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
CVE-2026-47242	NONE0	net-imap 0.1.1 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
CVE-2026-47241	NONE0	net-imap 0.1.1 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
CVE-2026-47240	NONE0	net-imap 0.3.7 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
CVE-2026-47242	NONE0	net-imap 0.3.7 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
CVE-2026-47241	NONE0	net-imap 0.3.7 fixed in ~> 0.5.15, >= 0.6.4.1	—	Not Applicable
GHSA-353f-x4gh-cqq8	NONE0	nokogiri 1.14.5 fixed in >= 1.18.9	—	Not Applicable
GHSA-c4rq-3m3g-8wgx	NONE0	nokogiri 1.14.5 fixed in >= 1.19.3	—	Not Applicable
GHSA-mrxw-mxhj-p664	NONE0	nokogiri 1.14.5 fixed in >= 1.18.4	—	Not Applicable
GHSA-v2fc-qm4h-8hqv	NONE0	nokogiri 1.14.5 fixed in >= 1.19.3	—	Not Applicable
GHSA-wx95-c6cv-8532	NONE0	nokogiri 1.14.5 fixed in >= 1.19.1	—	Not Applicable
GHSA-xc9x-jj77-9p9j	NONE0	nokogiri 1.14.5 fixed in ~> 1.15.6, >= 1.16.2	—	Not Applicable
GHSA-5w6v-399v-w3cc	NONE0	nokogiri 1.14.5 fixed in >= 1.18.8	—	Not Applicable
GHSA-r95h-9x8f-r3f7	NONE0	nokogiri 1.14.5 fixed in >= 1.16.5	—	Not Applicable
GHSA-vvfq-8hwr-qm4m	NONE0	nokogiri 1.14.5 fixed in >= 1.18.3	—	Not Applicable
CVE-2026-47736	NONE0	puma 6.3.0 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable
CVE-2026-47737	NONE0	puma 6.3.0 fixed in ~> 7.2.1, >= 8.0.2	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.21.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.21.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.21.1 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.21.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.21.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable