Vulnerability Reportowasp/dependency-check:12.2.0

owasp/dependency-check:12.2.0

DIGESTsha256:26736a16c4ece8f05058e2b89b29e217fda2b33f768a6bc6251a5cf2a0e286da

Executive Summary

Threat ScoreCAUTION• 13 exposed surface vulnerabilities with severity ≥6.0, including CVE-2026-25210, CVE-2026-28390, and CVE-2026-34183.• Total of 77 exposed vulnerabilities, highest severity 6.63 (CVE-2026-25210).• Container from OWASP, popular community image (20M+ pulls, pinned by digest) but not official/verified.• No critical (≥7.0) vulnerabilities, but volume of medium-severity issues is concerning.• Container processes potentially untrusted files (dependency scanning), making libraries like libexpat and OpenSSL exploitable.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (20M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. It contains 77 exposed vulnerabilities, 13 with severity at least 6.0, including CVE-2026-25210 which can lead to information disclosure or data corruption when parsing malicious XML files—relevant to the dependency scanning use case. Multiple OpenSSL vulnerabilities (CVE-2026-28390, CVE-2026-34183) could cause denial of service via crafted network traffic. Although no critical vulnerabilities exist, the high number of exploitable medium-severity issues in core libraries necessitates caution.

Vulnerabilities

Vulnerability Log

151 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-25210	MEDIUM6.63	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-3505	MEDIUM6.38	org.bouncycastle:bcpg-jdk18on 1.78 fixed in 1.84	0.4% Theoretical Threat	Directly Exposed
CVE-2026-5598	MEDIUM6.38	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42198	MEDIUM6.38	org.postgresql:postgresql 42.7.8 fixed in 42.7.11	0.4% Theoretical Threat	Directly Exposed
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.2 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-24842	MEDIUM5.58	tar 7.5.2 fixed in 7.5.7	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0636	MEDIUM5.52	org.bouncycastle:bcprov-jdk18on 1.78 fixed in 1.84	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-33671	MEDIUM5.52	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11226	MEDIUM5.44	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.19, 1.3.16	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 10.1.0 fixed in 10.1.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM5.1	nghttp2-libs 1.65.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-26996	MEDIUM5.1	minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.3-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-12798	MEDIUM4.67	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33672	MEDIUM4.5	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1225	MEDIUM4.25	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.25	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.4-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-40200	LOW3.98	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-26960	LOW3.62	tar 7.5.2 fixed in 7.5.8	0.3% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-23890	LOW3.31	pnpm 10.27.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-24056	LOW3.31	pnpm 10.27.0 fixed in 10.28.2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-29786	LOW3.21	tar 7.5.2 fixed in 7.5.10	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-23745	LOW3.11	tar 7.5.2 fixed in 7.5.3	0.3% Theoretical Threat	Post-Exploit
CVE-2026-21710	LOW3.1	nodejs 22.16.0-r2 fixed in 22.22.2-r0	13.1% High Exploitation Risk	Post-Exploit
CVE-2026-21713	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-21717	LOW3.01	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW3.01	tar 7.5.2 fixed in 7.5.4	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.4-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-6042	LOW2.8	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24131	LOW2.8	pnpm 10.27.0 fixed in 10.28.2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31802	LOW2.8	tar 7.5.2 fixed in 7.5.11	0.3% Theoretical Threat	Post-Exploit
CVE-2024-12801	LOW2.8	ch.qos.logback:logback-core 1.2.13 fixed in 1.5.13, 1.3.15	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.4-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-55130	LOW2.78	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-21637	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-32178	LOW2.7	Microsoft.NETCore.App.Runtime.linux-musl-x64 8.0.22 fixed in 10.0.6, 9.0.15, 8.0.26	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-55132	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-21714	LOW2.7	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libcrypto3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libcrypto3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-69421	LOW2.29	libssl3 3.5.4-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2026-28388	LOW2.29	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28389	LOW2.29	libssl3 3.5.4-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-59465	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-59466	LOW2.29	nodejs 22.16.0-r2 fixed in 22.22.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-55131	LOW2.17	nodejs 22.16.0-r2 fixed in 22.22.0-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.3-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-23888	LOW1.99	pnpm 10.27.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-23889	LOW1.99	pnpm 10.27.0 fixed in 10.28.1	0.4% Theoretical Threat	Post-Exploit
CVE-2026-21716	LOW1.94	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2026-21715	LOW1.68	nodejs 22.16.0-r2 fixed in 22.22.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.25.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.25.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.25.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.25.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r19 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.20.1 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-53655	NONE0	tar 7.5.2 fixed in 7.5.16	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable