This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit SSRF vulnerabilities (CVE-2024-29415) to access internal networks, or launch denial-of-service attacks via the body-parser middleware (CVE-2024-45590), causing service unavailability. While the OpenSSL DoS (CVE-2024-6119) requires a malicious MongoDB server, the overall exposure is unacceptable.

| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2024-29415 | HIGH 7.84 | ip 2.0.0 (no fix yet) | 8.3% Low-Moderate Risk | Directly Exposed; context importance: MEDIUM |
| CVE-2023-42282 | HIGH 7.84 | ip 2.0.0 (fixed in 2.0.1, 1.1.9) | 1.6% Low-Moderate Risk | Directly Exposed; context importance: MEDIUM |
| CVE-2024-6119 | HIGH 7.8 | libcrypto3 3.0.12-r1 (fixed in 3.0.15-r0) | 66.6% Actively Exploited | Directly Exposed; context importance: MEDIUM |
| CVE-2024-6119 | HIGH 7.8 | libssl3 3.0.12-r1 (fixed in 3.0.15-r0) | 66.6% Actively Exploited | Directly Exposed; context importance: MEDIUM |
| CVE-2024-45590 | MEDIUM 6.38 | body-parser 1.20.0 (fixed in 1.20.3) | 0.8% Theoretical Threat | Directly Exposed; context importance: HIGH |
| CVE-2024-45590 | MEDIUM 6.38 | body-parser 1.20.2 (fixed in 1.20.3) | 0.8% Theoretical Threat | Directly Exposed; context importance: HIGH |
| CVE-2026-33750 | MEDIUM 6.38 | brace-expansion 2.0.1 (fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33036 | MEDIUM 6.38 | fast-xml-parser 4.2.5 (fixed in 5.5.6, 4.5.5) | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-27942 | MEDIUM 6.38 | fast-xml-parser 4.2.5 (fixed in 5.3.8, 4.5.4) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-26996 | MEDIUM 6.38 | minimatch 9.0.3 (fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM 6.38 | uuid 8.3.2 (fixed in 11.1.1, 12.0.1, 13.0.1) | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM 6.29 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM 6.29 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-25896 | MEDIUM 6.03 | fast-xml-parser 4.2.5 (fixed in 5.3.5, 4.5.4) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-25345 | MEDIUM 6 | swig-templates 2.0.3 (no fix yet) | 1.0% Low-Moderate Risk | Directly Exposed; context importance: MEDIUM |
| CVE-2025-26519 | MEDIUM 5.95 | musl 1.2.3-r5 (fixed in 1.2.3-r6) | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-6237 | MEDIUM 5.9 | libcrypto3 3.0.12-r1 (fixed in 3.0.12-r3) | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM 5.9 | libcrypto3 3.0.12-r1 (fixed in 3.0.14-r0) | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-6237 | MEDIUM 5.9 | libssl3 3.0.12-r1 (fixed in 3.0.12-r3) | 2.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-5535 | MEDIUM 5.9 | libssl3 3.0.12-r1 (fixed in 3.0.14-r0) | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9230 | MEDIUM 5.6 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4741 | MEDIUM 5.6 | libcrypto3 3.0.12-r1 (fixed in 3.0.14-r0) | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9230 | MEDIUM 5.6 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 1.8% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4741 | MEDIUM 5.6 | libssl3 3.0.12-r1 (fixed in 3.0.14-r0) | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2020-7598 | MEDIUM 5.6 | minimist 0.0.10 (fixed in 0.2.1, 1.2.3) | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-27904 | MEDIUM 5.52 | minimatch 9.0.3 (fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-0727 | MEDIUM 5.5 | libcrypto3 3.0.12-r1 (fixed in 3.0.12-r4) | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-0727 | MEDIUM 5.5 | libssl3 3.0.12-r1 (fixed in 3.0.12-r4) | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4603 | MEDIUM 5.3 | libcrypto3 3.0.12-r1 (fixed in 3.0.13-r0) | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-4603 | MEDIUM 5.3 | libssl3 3.0.12-r1 (fixed in 3.0.13-r0) | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2024-29041 | MEDIUM 5.18 | express 4.18.1 (fixed in 4.19.2, 5.0.0-beta.3) | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-15284 | MEDIUM 5.1 | qs 6.10.3 (fixed in 6.14.1) | 0.4% Theoretical Threat | Directly Exposed; context importance: MEDIUM |
| CVE-2026-2391 | MEDIUM 5.1 | qs 6.10.3 (fixed in 6.14.2) | 0.5% Theoretical Threat | Directly Exposed; context importance: MEDIUM |
| CVE-2025-15284 | MEDIUM 5.1 | qs 6.11.0 (fixed in 6.14.1) | 0.4% Theoretical Threat | Directly Exposed; context importance: MEDIUM |
| CVE-2026-2391 | MEDIUM 5.1 | qs 6.11.0 (fixed in 6.14.2) | 0.5% Theoretical Threat | Directly Exposed; context importance: MEDIUM |
| CVE-2025-69420 | MEDIUM 5.02 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM 5.02 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM 5.02 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM 5.02 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33349 | MEDIUM 5.02 | fast-xml-parser 4.2.5 (fixed in 4.5.5, 5.5.7) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27903 | MEDIUM 5.02 | minimatch 9.0.3 (fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-2511 | MEDIUM 4.81 | libcrypto3 3.0.12-r1 (fixed in 3.0.12-r5) | 54.0% Actively Exploited | Directly Exposed |
| CVE-2024-2511 | MEDIUM 4.81 | libssl3 3.0.12-r1 (fixed in 3.0.12-r5) | 54.0% Actively Exploited | Directly Exposed |
| CVE-2026-22795 | MEDIUM 4.67 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM 4.67 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-27088 | MEDIUM 4.67 | es5-ext 0.10.62 (fixed in 0.10.63) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41650 | MEDIUM 4.59 | fast-xml-parser 4.2.5 (fixed in 5.7.0) | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-47178 | MEDIUM 4.5 | basic-auth-connect 1.0.0 (fixed in 1.1.0) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-13465 | MEDIUM 4.5 | lodash 4.17.21 (fixed in 4.17.23) | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2950 | MEDIUM 4.5 | lodash 4.17.21 (fixed in 4.18.0) | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-45296 | MEDIUM 4.5 | path-to-regexp 0.1.7 (fixed in 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0) | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-52798 | MEDIUM 4.5 | path-to-regexp 0.1.7 (fixed in 0.1.12) | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-4867 | MEDIUM 4.5 | path-to-regexp 0.1.7 (fixed in 0.1.13) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-15467 | MEDIUM 4.06 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 48.7% High Exploitation Risk | Post-Exploit |
| CVE-2025-15467 | MEDIUM 4.06 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 48.7% High Exploitation Risk | Post-Exploit |
| CVE-2024-13176 | MEDIUM 4 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-68160 | MEDIUM 4 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-13176 | MEDIUM 4 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-68160 | MEDIUM 4 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-43796 | MEDIUM 4 | express 4.18.1 (fixed in 4.20.0, 5.0.0) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-43799 | MEDIUM 4 | send 0.18.0 (fixed in 0.19.0) | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-43800 | MEDIUM 4 | serve-static 1.15.0 (fixed in 1.16.0, 2.1.0) | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-21538 | LOW 3.74 | cross-spawn 7.0.3 (fixed in 7.0.5, 6.0.6) | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-9143 | LOW 3.7 | libcrypto3 3.0.12-r1 (fixed in 3.0.15-r1) | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2024-9143 | LOW 3.7 | libssl3 3.0.12-r1 (fixed in 3.0.15-r1) | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-26960 | LOW 3.62 | tar 6.2.0 (fixed in 7.5.8) | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-26519 | LOW 3.57 | musl-utils 1.2.3-r5 (fixed in 1.2.3-r6) | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-4800 | LOW 3.53 | lodash 4.17.21 (fixed in 4.18.0) | 1.0% Low-Moderate Risk | Post-Exploit |
| CVE-2021-44906 | LOW 3.53 | minimist 0.0.10 (fixed in 1.2.6, 0.2.4) | 4.6% Low-Moderate Risk | Post-Exploit |
| CVE-2025-69418 | LOW 3.4 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW 3.4 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-29786 | LOW 3.21 | tar 6.2.0 (fixed in 7.5.10) | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2024-47764 | LOW 3.15 | cookie 0.3.1 (fixed in 0.7.0) | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-47764 | LOW 3.15 | cookie 0.4.1 (fixed in 0.7.0) | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-47764 | LOW 3.15 | cookie 0.4.2 (fixed in 0.7.0) | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-47764 | LOW 3.15 | cookie 0.5.0 (fixed in 0.7.0) | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-23745 | LOW 3.11 | tar 6.2.0 (fixed in 7.5.3) | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-9232 | LOW 3.1 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9232 | LOW 3.1 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-7339 | LOW 2.89 | on-headers 1.0.2 (fixed in 1.1.0) | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-42363 | LOW 2.8 | busybox 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW 2.8 | busybox 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW 2.8 | busybox 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW 2.8 | busybox 1.35.0-r29 (fixed in 1.35.0-r30) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42363 | LOW 2.8 | busybox-binsh 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW 2.8 | busybox-binsh 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW 2.8 | busybox-binsh 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW 2.8 | busybox-binsh 1.35.0-r29 (fixed in 1.35.0-r30) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42363 | LOW 2.8 | ssl_client 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42364 | LOW 2.8 | ssl_client 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42365 | LOW 2.8 | ssl_client 1.35.0-r29 (fixed in 1.35.0-r31) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2023-42366 | LOW 2.8 | ssl_client 1.35.0-r29 (fixed in 1.35.0-r30) | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-31802 | LOW 2.8 | tar 6.2.0 (fixed in 7.5.11) | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-64756 | LOW 2.7 | glob 10.3.10 (fixed in 11.1.0, 10.5.0) | 3.0% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8203 | LOW 2.66 | lodash.set 4.3.2 (no fix yet) | 5.2% Low-Moderate Risk | Post-Exploit |
| CVE-2025-5889 | LOW 2.63 | brace-expansion 2.0.1 (fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1) | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-24842 | LOW 2.51 | tar 6.2.0 (fixed in 7.5.7) | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2023-6129 | LOW 2.34 | libcrypto3 3.0.12-r1 (fixed in 3.0.12-r2) | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2023-6129 | LOW 2.34 | libssl3 3.0.12-r1 (fixed in 3.0.12-r2) | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2025-69421 | LOW 2.29 | libcrypto3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2025-69421 | LOW 2.29 | libssl3 3.0.12-r1 (fixed in 3.0.19-r0) | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-24001 | LOW 2.29 | diff 5.1.0 (fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1) | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-26278 | LOW 2.29 | fast-xml-parser 4.2.5 (fixed in 4.5.4, 5.3.6) | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2024-28863 | LOW 1.99 | tar 6.2.0 (fixed in 6.2.1) | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-23950 | LOW 1.81 | tar 6.2.0 (fixed in 7.5.4) | 0.2% Theoretical Threat | Post-Exploit |
| GHSA-6475-r3vj-m8vf | NONE 0 | @smithy/config-resolver 2.0.19 (fixed in 4.4.0) | — | Not Applicable |
| CVE-2023-52555 | NONE 0 | mongo-express 1.0.0 (no fix yet) | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-53655 | NONE 0 | tar 6.2.0 (fixed in 7.5.16) | — | Not Applicable |