Vulnerability Reportowasp/dependency-check:12.1.9

owasp/dependency-check:12.1.9

DIGESTsha256:b7faa63f1840928f90bcaa3bb06ecfe19b18a38dc7bf6f30d34c5af6cbaff4ec

Executive Summary

Threat ScoreCAUTION• 78 total vulnerabilities, 14 with severity ≥6.0 (max 6.38) — exceeding the CAUTION threshold for high-volume medium-severity findings.• Key CVEs: CVE-2026-28389, CVE-2026-28390, CVE-2026-34183 — all are DoS vulnerabilities in OpenSSL (libcrypto3, libssl3) that could cause container crash or resource exhaustion.• Trust: POPULAR COMMUNITY image (20M+ pulls) with RELIABLE verdict and pinned digest, reducing supply chain risk.• Post-exploit findings (max severity 4.06) are considered low importance and unlikely to be exploited in this context.• Container runs as a command-line tool (dependency-check.sh --help) and does not typically process attacker-controlled network data, limiting exposure.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (20M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The primary concerns are 78 vulnerabilities (14 with severity ≥6.0), including DoS flaws in OpenSSL (CVE-2026-28389, CVE-2026-34183) that could crash the container or cause resource exhaustion. However, the container runs as a standalone command-line tool and is not a network-facing service, which significantly reduces the likelihood of exploitation. Post-exploit issues are low severity and considered low risk. Strict network segmentation and limiting input to trusted sources would further mitigate exposure.

Vulnerabilities

Vulnerability Log

161 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-3505	MEDIUM6.38	org.bouncycastle:bcpg-jdk18on 1.78 fixed in 1.84	0.4% Theoretical Threat	Directly Exposed
CVE-2026-5598	MEDIUM6.38	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42198	MEDIUM6.38	org.postgresql:postgresql 42.7.5 fixed in 42.7.11	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.2 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33671	MEDIUM5.52	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11226	MEDIUM5.44	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.19, 1.3.16	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 10.1.0 fixed in 10.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM5.1	nghttp2-libs 1.65.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-62408	MEDIUM5.02	c-ares 1.34.5-r0 fixed in 1.34.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49146	MEDIUM5.02	org.postgresql:postgresql 42.7.5 fixed in 42.7.7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-12798	MEDIUM4.67	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33672	MEDIUM4.5	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1225	MEDIUM4.25	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.25	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2025-69262	LOW3.98	pnpm 10.21.0 fixed in 10.27.0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-26960	LOW3.62	tar 7.5.2 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-24842	LOW3.34	tar 7.5.2 fixed in 7.5.7	0.5% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-23888	LOW3.31	pnpm 10.21.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-23889	LOW3.31	pnpm 10.21.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-23890	LOW3.31	pnpm 10.21.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-24056	LOW3.31	pnpm 10.21.0 fixed in 10.28.2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-29786	LOW3.21	tar 7.5.2 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2026-25210	LOW3.18	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-45446	LOW3.15	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-23745	LOW3.11	tar 7.5.2 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-21710	LOW3.1	nodejs 22.16.0-r2 fixed in 22.22.2-r0	13.1% High Exploitation Risk	Post-Exploit
CVE-2026-26996	LOW3.06	minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-21713	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-21717	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW3.01	tar 7.5.2 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69264	LOW3	pnpm 10.21.0 fixed in 10.26.0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24131	LOW2.8	pnpm 10.21.0 fixed in 10.28.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31802	LOW2.8	tar 7.5.2 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-12801	LOW2.8	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-55130	LOW2.78	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-21637	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-64756	LOW2.7	npm 11.3.0-r1 fixed in 11.6.4-r0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2025-64756	LOW2.7	glob 10.4.5 fixed in 11.1.0, 10.5.0	3.0% Low-Moderate Risk	Post-Exploit
CVE-2026-32178	LOW2.7	Microsoft.NETCore.App.Runtime.linux-musl-x64 8.0.21 fixed in 10.0.6, 9.0.15, 8.0.26	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-55132	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-21714	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-69263	LOW2.69	pnpm 10.21.0 fixed in 10.26.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-59465	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-59466	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-55131	LOW2.17	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-21716	LOW1.94	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2026-21715	LOW1.68	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-5889	LOW1.58	npm 11.3.0-r1 fixed in 11.4.2-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.25.4 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.25.4 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.25.4 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.25.4 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.25.4 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.25.4 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.25.4 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.25.4 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.25.4 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.25.4 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.20.1 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-53655	NONE0	tar 7.5.2 fixed in 7.5.16	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.4 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.4 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.4 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.4 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable