Vulnerability Reportowasp/dependency-check:12.2.2

owasp/dependency-check:latestowasp/dependency-check:12.2.2

DIGESTsha256:ad169904106250816059f113d374d63a49a7cb0fd2c5e476d05c4fb814cc77b9

Executive Summary

Threat ScoreSAFE• Image is popular with 20M+ pulls and pinned by digest, ensuring immutability.• 10 vulnerabilities found but all are low severity (max 5.35) and none are exposed on the network surface.• No high or critical severity findings; post-exploit-only vulnerabilities also low (max 2.92).

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (20M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. It contains 10 low-severity vulnerabilities (highest CVSS 5.35) that are not exposed on the network and require local access to exploit, posing negligible risk in a standard deployment. The image is from a trusted community source (OWASP) and pinned by digest, ensuring consistency.

Vulnerabilities

Vulnerability Log

50 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW1.93	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42338	LOW1.87	ip-address 10.1.0 fixed in 10.1.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW1.62	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW1.62	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW1.62	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW1.62	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-53655	NONE0	tar 7.5.13 fixed in 7.5.16	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable