Vulnerability Reportowasp/dependency-check:12.1.6

owasp/dependency-check:12.1.6

DIGESTsha256:37e3c1156f00107c164c29bca9ca41944b433b57211c4309a135c02833959a39

Executive Summary

Threat ScoreCAUTION• 18 exposed vulnerabilities with CVSS >=6.0, including CVE-2026-25210 (libexpat, severity 6.63) and CVE-2026-28388 (OpenSSL, severity 6.38).• CVE-2026-25210 in libexpat could allow code execution when processing malicious XML, which is directly applicable to the dependency-check tool's input.• OpenSSL vulnerabilities (CVE-2026-28388, CVE-2026-28389) are denial-of-service and require non-default configurations (e.g., delta CRL or CMS processing) unlikely in this CLI context.• Image is from a popular community (owasp) with high reputation but not officially verified.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (20M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2026-25210 in libexpat to achieve code execution via crafted XML files processed by the dependency-check tool, or trigger denial of service through OpenSSL vulnerabilities such as CVE-2026-28388. Updating libexpat to version 2.7.4 or later fully mitigates the code execution risk, while OpenSSL vulnerabilities require specific flags (e.g., X509_V_FLAG_USE_DELTAS) that are not enabled by default, reducing their practical impact.

Vulnerabilities

Vulnerability Log

179 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-25210	MEDIUM6.63	libexpat 2.7.2-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-3505	MEDIUM6.38	org.bouncycastle:bcpg-jdk18on 1.78 fixed in 1.84	0.4% Theoretical Threat	Directly Exposed
CVE-2026-5598	MEDIUM6.38	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42198	MEDIUM6.38	org.postgresql:postgresql 42.7.5 fixed in 42.7.11	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.2 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-58050	MEDIUM6.18	pcre2 10.43-r1 fixed in 10.46-r0	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-9231	MEDIUM5.9	libcrypto3 3.5.2-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libssl3 3.5.2-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libcrypto3 3.5.2-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libssl3 3.5.2-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11226	MEDIUM5.44	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.19, 1.3.16	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 10.0.1 fixed in 10.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2025-62408	MEDIUM5.02	c-ares 1.34.5-r0 fixed in 1.34.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49146	MEDIUM5.02	org.postgresql:postgresql 42.7.5 fixed in 42.7.7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.2-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.2-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.2-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-12798	MEDIUM4.67	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1225	MEDIUM4.25	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.25	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.2-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69262	LOW3.98	pnpm 10.17.1 fixed in 10.27.0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-27135	LOW3.83	nghttp2-libs 1.65.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-55131	LOW3.62	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2026-26960	LOW3.62	tar 7.4.4 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-23888	LOW3.31	pnpm 10.17.1 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-23889	LOW3.31	pnpm 10.17.1 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-23890	LOW3.31	pnpm 10.17.1 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-24056	LOW3.31	pnpm 10.17.1 fixed in 10.28.2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-29786	LOW3.21	tar 7.4.4 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2025-9086	LOW3.18	libcurl 8.14.1-r1 fixed in 8.14.1-r2	1.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-23745	LOW3.11	tar 7.4.4 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-21710	LOW3.1	nodejs 22.16.0-r2 fixed in 22.22.2-r0	13.1% High Exploitation Risk	Post-Exploit
CVE-2025-9232	LOW3.1	libcrypto3 3.5.2-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-9232	LOW3.1	libssl3 3.5.2-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-21713	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-21717	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW3.01	tar 7.4.4 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69264	LOW3	pnpm 10.17.1 fixed in 10.26.0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.2-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2025-55248	LOW2.91	Microsoft.NETCore.App.Runtime.linux-musl-x64 8.0.20 fixed in 9.0.10, 8.0.21	0.7% Theoretical Threat	Post-Exploit
CVE-2026-24131	LOW2.8	pnpm 10.17.1 fixed in 10.28.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31802	LOW2.8	tar 7.4.4 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-12801	LOW2.8	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.2-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-55130	LOW2.78	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-21637	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-64756	LOW2.7	npm 11.3.0-r1 fixed in 11.6.4-r0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2025-64756	LOW2.7	glob 10.4.5 fixed in 11.1.0, 10.5.0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2026-32178	LOW2.7	Microsoft.NETCore.App.Runtime.linux-musl-x64 8.0.20 fixed in 10.0.6, 9.0.15, 8.0.26	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-55132	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-21714	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-69263	LOW2.69	pnpm 10.17.1 fixed in 10.26.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24842	LOW2.51	tar 7.4.4 fixed in 7.5.7	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.2-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.2-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-10148	LOW2.45	libcurl 8.14.1-r1 fixed in 8.14.1-r2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.5.2-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.5.2-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-59465	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-59466	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-26996	LOW2.29	minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.2-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-21716	LOW1.94	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2026-21715	LOW1.68	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-5889	LOW1.58	npm 11.3.0-r1 fixed in 11.4.2-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.25.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.25.1 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.25.1 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.25.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.25.1 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.25.1 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.25.1 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.25.1 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.20.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-53655	NONE0	tar 7.4.4 fixed in 7.5.16	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.1 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable