Vulnerability Reportopensearchproject/opensearch-dashboards:3.4.0

opensearchproject/opensearch-dashboards:3.4.0
DIGESTsha256:27a0c22806b6cbf6611746053a63961c9c52236f1fa58ca6dfe1f256f7121054

Executive Summary

Threat Score
95/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via Handlebars.compile() (CVE-2026-33937) or Lodash _.template imports (CVE-2026-4800), leading to full system compromise. These vulnerabilities require specific non-default configurations (e.g., Handlebars.compile() with crafted AST, Lodash _.template with attacker-controlled imports), but if reachable, the impact is severe. No full mitigations are available without code changes.

Vulnerabilities

Vulnerability Log

287 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-33937HIGH7.84
handlebars
4.7.7
fixed in 4.7.9
1.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-4800HIGH7.84
lodash
4.17.21
fixed in 4.18.0
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-4800HIGH7.84
lodash-es
4.17.21
fixed in 4.18.0
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-24737HIGH7.06
jspdf
3.0.3
fixed in 4.1.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44490MEDIUM6.97
axios
1.12.2
fixed in 1.16.0, 0.32.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33941MEDIUM6.97
handlebars
4.7.7
fixed in 4.7.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-44705MEDIUM6.97
tmp
0.2.5
fixed in 0.2.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25646MEDIUM6.88
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.11
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-6100MEDIUM6.88
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33938MEDIUM6.88
handlebars
4.7.7
fixed in 4.7.9
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33940MEDIUM6.88
handlebars
4.7.7
fixed in 4.7.9
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-25210MEDIUM6.63
expat
2.6.3-1.amzn2023.0.3
fixed in 2.6.3-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22801MEDIUM6.63
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.9
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-48864MEDIUM6.63
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-25940MEDIUM6.53
jspdf
3.0.3
fixed in 4.2.0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33636MEDIUM6.46
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.12
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61726MEDIUM6.38
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.6
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41989MEDIUM6.38
libgcrypt
1.10.2-1.amzn2023.0.2
fixed in 1.10.2-1.amzn2023.0.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
libnghttp2
1.59.0-3.amzn2023.0.1
fixed in 1.59.0-3.amzn2023.0.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-3644MEDIUM6.38
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4224MEDIUM6.38
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-35213MEDIUM6.38
@hapi/content
5.0.2
fixed in 6.0.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69873MEDIUM6.38
ajv
6.12.6
fixed in 8.18.0, 6.14.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69873MEDIUM6.38
ajv
8.12.0
fixed in 8.18.0, 6.14.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44486MEDIUM6.38
axios
1.12.2
fixed in 1.16.0, 0.32.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44487MEDIUM6.38
axios
1.12.2
fixed in 1.16.0, 0.32.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44488MEDIUM6.38
axios
1.12.2
fixed in 1.16.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-44496MEDIUM6.38
axios
1.12.2
fixed in 1.16.0, 0.32.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42038MEDIUM6.38
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42039MEDIUM6.38
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33750MEDIUM6.38
brace-expansion
1.1.12
fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-26278MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 4.5.4, 5.3.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33036MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.5.6, 4.5.5
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27942MEDIUM6.38
fast-xml-parser
4.4.1
fixed in 5.3.8, 4.5.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26278MEDIUM6.38
fast-xml-parser
5.2.5
fixed in 4.5.4, 5.3.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33036MEDIUM6.38
fast-xml-parser
5.2.5
fixed in 5.5.6, 4.5.5
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27942MEDIUM6.38
fast-xml-parser
5.2.5
fixed in 5.3.8, 4.5.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33939MEDIUM6.38
handlebars
4.7.7
fixed in 4.7.9
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25535MEDIUM6.38
jspdf
3.0.3
fixed in 4.2.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-26996MEDIUM6.38
minimatch
3.1.2
fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33891MEDIUM6.38
node-forge
1.3.3
fixed in 1.4.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33894MEDIUM6.38
node-forge
1.3.3
fixed in 1.4.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33895MEDIUM6.38
node-forge
1.3.3
fixed in 1.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-15284MEDIUM6.38
qs
6.13.0
fixed in 6.14.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2391MEDIUM6.38
qs
6.13.0
fixed in 6.14.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
10.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
2.0.3
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
3.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
3.4.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
8.3.2
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
9.0.0
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41907MEDIUM6.38
uuid
9.0.1
fixed in 11.1.1, 12.0.1, 13.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-45736MEDIUM6.38
ws
8.18.0
fixed in 8.20.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42033MEDIUM6.29
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42035MEDIUM6.29
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33896MEDIUM6.18
node-forge
1.3.3
fixed in 1.4.0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-22695MEDIUM6.03
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.9
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-1299MEDIUM6.03
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-4786MEDIUM6.03
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-25896MEDIUM6.03
fast-xml-parser
4.4.1
fixed in 5.3.5, 4.5.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25896MEDIUM6.03
fast-xml-parser
5.2.5
fixed in 5.3.5, 4.5.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33416MEDIUM6
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.12
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-68428MEDIUM6
jspdf
3.0.3
fixed in 4.0.0
1.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-25755MEDIUM5.98
jspdf
3.0.3
fixed in 4.2.0
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-44495MEDIUM5.95
axios
1.12.2
fixed in 1.15.2, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-13151MEDIUM5.9
libtasn1
4.19.0-1.amzn2023.0.5
fixed in 4.19.0-1.amzn2023.0.6
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-41238MEDIUM5.78
dompurify
3.2.4
fixed in 3.4.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41239MEDIUM5.78
dompurify
3.2.4
fixed in 3.4.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41238MEDIUM5.78
dompurify
3.3.0
fixed in 3.4.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41239MEDIUM5.78
dompurify
3.3.0
fixed in 3.4.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-9149MEDIUM5.52
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9150MEDIUM5.52
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42041MEDIUM5.52
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-24133MEDIUM5.52
jspdf
3.0.3
fixed in 4.1.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-31898MEDIUM5.52
jspdf
3.0.3
fixed in 4.2.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27904MEDIUM5.52
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33671MEDIUM5.52
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-5758MEDIUM5.52
protocol-buffers-schema
3.6.0
fixed in 3.6.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33532MEDIUM5.52
yaml
2.3.4
fixed in 2.8.3, 1.10.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-28162MEDIUM5.27
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.10
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-1757MEDIUM5.27
libxml2
2.10.4-1.amzn2023.0.13
fixed in 2.10.4-1.amzn2023.0.18
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nspr
4.35.0-6.amzn2023.0.1
fixed in 4.35.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nspr
4.35.0-6.amzn2023.0.1
fixed in 4.35.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nspr
4.35.0-6.amzn2023.0.1
fixed in 4.35.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nss
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nss
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nss
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nss-softokn
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nss-softokn
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nss-softokn
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nss-softokn-freebl
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nss-softokn-freebl
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nss-softokn-freebl
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nss-sysinit
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nss-sysinit
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nss-sysinit
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6766MEDIUM5.18
nss-util
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6767MEDIUM5.18
nss-util
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6772MEDIUM5.18
nss-util
3.90.0-6.amzn2023.0.1
fixed in 3.90.0-7.amzn2023.0.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6019MEDIUM5.18
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.6
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42042MEDIUM5.18
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-15599MEDIUM5.18
dompurify
3.2.4
fixed in 3.2.7
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-0540MEDIUM5.18
dompurify
3.2.4
fixed in 3.3.2, 2.5.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41240MEDIUM5.18
dompurify
3.2.4
fixed in 3.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-0540MEDIUM5.18
dompurify
3.3.0
fixed in 3.3.2, 2.5.9
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41240MEDIUM5.18
dompurify
3.3.0
fixed in 3.4.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42338MEDIUM5.18
ip-address
10.1.0
fixed in 10.1.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42338MEDIUM5.18
ip-address
6.4.0
fixed in 10.1.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31938MEDIUM5.18
jspdf
3.0.3
fixed in 4.2.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40355MEDIUM5.02
krb5-libs
1.21.3-6.amzn2023.0.1
fixed in 1.21.3-7.amzn2023.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40356MEDIUM5.02
krb5-libs
1.21.3-6.amzn2023.0.1
fixed in 1.21.3-7.amzn2023.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0990MEDIUM5.02
libxml2
2.10.4-1.amzn2023.0.13
fixed in 2.10.4-1.amzn2023.0.16
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.5.5-1.amzn2023.0.4
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-41324MEDIUM5.02
basic-ftp
5.0.5
fixed in 5.3.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33349MEDIUM5.02
fast-xml-parser
4.4.1
fixed in 4.5.5, 5.5.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33349MEDIUM5.02
fast-xml-parser
5.2.5
fixed in 4.5.5, 5.5.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-27903MEDIUM5.02
minimatch
3.1.2
fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-14505MEDIUM4.76
elliptic
6.6.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41650MEDIUM4.59
fast-xml-parser
4.4.1
fixed in 5.7.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41650MEDIUM4.59
fast-xml-parser
5.2.5
fixed in 5.7.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-24043MEDIUM4.59
jspdf
3.0.3
fixed in 4.1.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-23865MEDIUM4.5
freetype
2.13.2-5.amzn2023.0.1
fixed in 2.13.2-5.amzn2023.0.2
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc
2.34-231.amzn2023.0.1
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc-common
2.34-231.amzn2023.0.1
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc-minimal-langpack
2.34-231.amzn2023.0.1
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42034MEDIUM4.5
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42036MEDIUM4.5
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42037MEDIUM4.5
axios
1.12.2
fixed in 1.15.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2739MEDIUM4.5
bn.js
4.12.0
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-2739MEDIUM4.5
bn.js
5.2.1
fixed in 4.12.3, 5.2.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25128MEDIUM4.5
fast-xml-parser
5.2.5
fixed in 5.3.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-13465MEDIUM4.5
lodash
4.17.21
fixed in 4.17.23
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-2950MEDIUM4.5
lodash
4.17.21
fixed in 4.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-13465MEDIUM4.5
lodash-es
4.17.21
fixed in 4.17.23
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-2950MEDIUM4.5
lodash-es
4.17.21
fixed in 4.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-57352MEDIUM4.5
min-document
2.19.0
fixed in 2.19.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-33672MEDIUM4.5
picomatch
2.3.1
fixed in 4.0.4, 3.0.2, 2.3.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-28164MEDIUM4.25
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.10
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15282MEDIUM4.08
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0672MEDIUM4.08
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-40175MEDIUM4.08
axios
1.12.2
fixed in 1.15.0, 0.31.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-24040MEDIUM4.08
jspdf
3.0.3
fixed in 4.1.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.4
48.7%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.4
48.7%
High Exploitation Risk
Post-Exploit
CVE-2025-68160MEDIUM4
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33916MEDIUM4
handlebars
4.7.7
fixed in 4.7.9
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-24882LOW3.98
gnupg2-minimal
2.3.7-1.amzn2023.0.5
fixed in 2.3.7-1.amzn2023.0.7
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-11468LOW3.82
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0865LOW3.82
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34757LOW3.74
libpng
2:1.6.37-10.amzn2023.0.8
fixed in 2:1.6.37-10.amzn2023.0.13
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4786LOW3.62
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-26960LOW3.62
tar
6.2.1
fixed in 7.5.8
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-68973LOW3.57
gnupg2-minimal
2.3.7-1.amzn2023.0.5
fixed in 2.3.7-1.amzn2023.0.6
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-62718LOW3.56
axios
1.12.2
fixed in 1.15.0, 0.31.0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-13034LOW3.47
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW3.47
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-13034LOW3.47
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW3.47
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-69418LOW3.4
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
openssl-libs
1:3.2.2-1.amzn2023.0.3
fixed in 1:3.2.2-1.amzn2023.0.5
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-3449LOW3.4
@tootallnate/once
2.0.0
fixed in 3.0.1, 2.0.1
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-14524LOW3.31
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW3.31
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW3.21
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.3
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW3.21
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.3
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-29786LOW3.21
tar
6.2.1
fixed in 7.5.10
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-0989LOW3.15
libxml2
2.10.4-1.amzn2023.0.13
fixed in 2.10.4-1.amzn2023.0.17
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6019LOW3.11
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.6
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-23745LOW3.11
tar
6.2.1
fixed in 7.5.3
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-68121LOW3.06
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.6
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-42043LOW3.06
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-23950LOW3.01
tar
6.2.1
fixed in 7.5.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-27699LOW3
basic-ftp
5.0.5
fixed in 5.2.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6357LOW2.96
python3-pip-wheel
21.3.1-2.amzn2023.0.14
fixed in 21.3.1-2.amzn2023.0.19
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-31802LOW2.8
tar
6.2.1
fixed in 7.5.11
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-8732LOW2.8
libxml2
2.10.4-1.amzn2023.0.13
fixed in 2.10.4-1.amzn2023.0.15
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-4519LOW2.8
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2297LOW2.8
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42264LOW2.78
axios
1.12.2
fixed in 1.15.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42044LOW2.78
axios
1.12.2
fixed in 1.15.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-48863LOW2.7
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
Post-Exploit
CVE-2026-25639LOW2.7
axios
1.12.2
fixed in 1.13.5, 0.30.3
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-44494LOW2.66
axios
1.12.2
fixed in 1.16.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-44492LOW2.63
axios
1.12.2
fixed in 1.16.0, 0.32.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-24842LOW2.51
tar
6.2.1
fixed in 7.5.7
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-15079LOW2.48
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-15079LOW2.48
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6100LOW2.48
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-0992LOW2.46
libxml2
2.10.4-1.amzn2023.0.13
fixed in 2.10.4-1.amzn2023.0.16
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-14017LOW2.45
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-15282LOW2.45
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-0672LOW2.45
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-15224LOW2.4
curl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-15224LOW2.4
libcurl-minimal
8.15.0-4.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-3644LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-4224LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-66418LOW2.29
python3-pip-wheel
21.3.1-2.amzn2023.0.14
fixed in 21.3.1-2.amzn2023.0.15
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-66471LOW2.29
python3-pip-wheel
21.3.1-2.amzn2023.0.14
fixed in 21.3.1-2.amzn2023.0.15
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-21441LOW2.29
python3-pip-wheel
21.3.1-2.amzn2023.0.14
fixed in 21.3.1-2.amzn2023.0.16
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-11468LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-0865LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-1299LOW2.17
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-1703LOW1.99
python3-pip-wheel
21.3.1-2.amzn2023.0.14
fixed in 21.3.1-2.amzn2023.0.17
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-4519LOW1.68
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-2297LOW1.68
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39823NONE0
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
libcap
2.73-1.amzn2023.0.5
fixed in 2.73-1.amzn2023.0.7
0.6%
Theoretical Threat
Not Applicable
CVE-2026-44974NONE0
@hapi/content
5.0.2
fixed in 6.0.2
Not Applicable
CVE-2026-48049NONE0
@hapi/inert
6.0.5
fixed in 7.1.1
Not Applicable
CVE-2026-44979NONE0
@hapi/wreck
17.2.0
fixed in 18.1.1
Not Applicable
CVE-2026-48022NONE0
@hapi/wreck
17.2.0
fixed in 18.1.2
Not Applicable
CVE-2026-54285NONE0
@opentelemetry/core
1.30.1
fixed in 2.8.0
Not Applicable
GHSA-6475-r3vj-m8vfNONE0
@smithy/config-resolver
4.1.0
fixed in 4.4.0
Not Applicable
GHSA-6475-r3vj-m8vfNONE0
@smithy/config-resolver
4.3.0
fixed in 4.4.0
Not Applicable
CVE-2026-42040NONE0
axios
1.12.2
fixed in 1.15.1, 0.31.1
0.2%
Theoretical Threat
Not Applicable
CVE-2026-44240NONE0
basic-ftp
5.0.5
fixed in 5.3.1
0.5%
Theoretical Threat
Not Applicable
GHSA-6v7q-wjvx-w8wgNONE0
basic-ftp
5.0.5
fixed in 5.2.2
Not Applicable
CVE-2026-49458NONE0
dompurify
3.2.4
fixed in 3.4.6
Not Applicable
CVE-2026-49459NONE0
dompurify
3.2.4
fixed in 3.4.6
Not Applicable
CVE-2026-49978NONE0
dompurify
3.2.4
fixed in 3.4.7
Not Applicable
GHSA-39q2-94rc-95cpNONE0
dompurify
3.2.4
fixed in 3.4.0
Not Applicable
GHSA-76mc-f452-cxcmNONE0
dompurify
3.2.4
fixed in 3.4.7
Not Applicable
GHSA-cj63-jhhr-wcxvNONE0
dompurify
3.2.4
fixed in 3.3.2
Not Applicable
GHSA-cjmm-f4jc-qw8rNONE0
dompurify
3.2.4
fixed in 3.3.2
Not Applicable
GHSA-cmwh-pvxp-8882NONE0
dompurify
3.2.4
fixed in 3.4.11
Not Applicable
GHSA-h8r8-wccr-v5f2NONE0
dompurify
3.2.4
fixed in 3.3.2
Not Applicable
GHSA-gvmj-g25r-r7wrNONE0
dompurify
3.2.4
fixed in 3.4.8
Not Applicable
GHSA-vxr8-fq34-vvx9NONE0
dompurify
3.2.4
fixed in 3.4.9
Not Applicable
GHSA-x4vx-rjvf-j5p4NONE0
dompurify
3.2.4
No fix yet
Not Applicable
CVE-2026-49458NONE0
dompurify
3.3.0
fixed in 3.4.6
Not Applicable
CVE-2026-49459NONE0
dompurify
3.3.0
fixed in 3.4.6
Not Applicable
CVE-2026-49978NONE0
dompurify
3.3.0
fixed in 3.4.7
Not Applicable
GHSA-39q2-94rc-95cpNONE0
dompurify
3.3.0
fixed in 3.4.0
Not Applicable
GHSA-76mc-f452-cxcmNONE0
dompurify
3.3.0
fixed in 3.4.7
Not Applicable
GHSA-cj63-jhhr-wcxvNONE0
dompurify
3.3.0
fixed in 3.3.2
Not Applicable
GHSA-cjmm-f4jc-qw8rNONE0
dompurify
3.3.0
fixed in 3.3.2
Not Applicable
GHSA-cmwh-pvxp-8882NONE0
dompurify
3.3.0
fixed in 3.4.11
Not Applicable
GHSA-h8r8-wccr-v5f2NONE0
dompurify
3.3.0
fixed in 3.3.2
Not Applicable
GHSA-gvmj-g25r-r7wrNONE0
dompurify
3.3.0
fixed in 3.4.8
Not Applicable
GHSA-vxr8-fq34-vvx9NONE0
dompurify
3.3.0
fixed in 3.4.9
Not Applicable
GHSA-x4vx-rjvf-j5p4NONE0
dompurify
3.3.0
No fix yet
Not Applicable
GHSA-r4q5-vmmm-2653NONE0
follow-redirects
1.15.6
fixed in 1.16.0
Not Applicable
CVE-2026-12143NONE0
form-data
4.0.4
fixed in 2.5.6, 3.0.5, 4.0.6
0.3%
Theoretical Threat
Not Applicable
GHSA-7rx3-28cr-v5whNONE0
handlebars
4.7.7
fixed in 4.7.9
Not Applicable
GHSA-442j-39wm-28r2NONE0
handlebars
4.7.7
fixed in 4.7.9
Not Applicable
CVE-2026-48038NONE0
joi
14.3.1
fixed in 18.2.1, 17.13.4
Not Applicable
CVE-2026-46625NONE0
js-cookie
2.2.1
fixed in 3.0.7
0.4%
Theoretical Threat
Not Applicable
CVE-2026-53550NONE0
js-yaml
4.1.1
fixed in 4.2.0
Not Applicable
CVE-2026-8723NONE0
qs
6.13.0
fixed in 6.15.2
0.3%
Theoretical Threat
Not Applicable
GHSA-5c6j-r48x-rmvqNONE0
serialize-javascript
4.0.0
fixed in 7.0.3
Not Applicable
CVE-2024-1899NONE0
showdown
2.1.0
No fix yet
0.8%
Theoretical Threat
Not Applicable
CVE-2026-53655NONE0
tar
6.2.1
fixed in 7.5.16
Not Applicable
CVE-2026-48779NONE0
ws
7.5.10
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
Not Applicable
CVE-2026-48779NONE0
ws
8.18.0
fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0
Not Applicable