This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2026-4800 to achieve remote code execution, or use CVE-2025-62718 to bypass proxy restrictions and access internal services. While the image is from a verified publisher (Redislabs) and pinned by digest, the presence of 86 exposed vulnerabilities with 3 at high severity (max 7.92) makes deployment unacceptable without complete remediation. Note that some vulnerabilities require specific conditions (e.g., proxy usage for axios CVEs, or untrusted template imports for lodash) that may reduce their exploitability in certain environments, but the overall risk remains critical.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-62718 | HIGH 7.92 | axios 1.12.2 fixed in 1.15.0, 0.31.0 | 1.1% Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-4800 | HIGH 7.84 | lodash 4.17.21 fixed in 4.18.0 | 1.0% Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-4800 | HIGH 7.84 | lodash 4.17.23 fixed in 4.18.0 | 1.0% Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-42043 | MEDIUM 6.8 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-28388 | MEDIUM 6.38 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM 6.38 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM 6.38 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM 6.38 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM 6.38 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM 6.38 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-44486 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.16.0, 0.32.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44487 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.16.0, 0.32.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-44488 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.16.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44496 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.16.0, 0.32.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42038 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42039 | MEDIUM 6.38 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33750 | MEDIUM 6.38 | brace-expansion 1.1.12 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33750 | MEDIUM 6.38 | brace-expansion 2.0.1 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33750 | MEDIUM 6.38 | brace-expansion 2.0.2 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-24001 | MEDIUM 6.38 | diff 4.0.2 fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-24001 | MEDIUM 6.38 | diff 5.2.0 fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-26996 | MEDIUM 6.38 | minimatch 3.1.2 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-26996 | MEDIUM 6.38 | minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-3304 | MEDIUM 6.38 | multer 2.0.2 fixed in 2.1.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-3520 | MEDIUM 6.38 | multer 2.0.2 fixed in 2.1.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-4926 | MEDIUM 6.38 | path-to-regexp 8.2.0 fixed in 8.4.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33151 | MEDIUM 6.38 | socket.io-parser 4.2.4 fixed in 3.3.5, 3.4.4, 4.2.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM 6.38 | uuid 11.1.0 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-41907 | MEDIUM 6.38 | uuid 8.3.2 fixed in 11.1.1, 12.0.1, 13.0.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-45736 | MEDIUM 6.38 | ws 8.17.1 fixed in 8.20.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42033 | MEDIUM 6.29 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42035 | MEDIUM 6.29 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42264 | MEDIUM 6.18 | axios 1.12.2 fixed in 1.15.2 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-42044 | MEDIUM 6.18 | axios 1.12.2 fixed in 1.15.2 | 0.2% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-25639 | MEDIUM 6 | axios 1.12.2 fixed in 1.13.5, 0.30.3 | 1.2% Low-Moderate Risk | Directly Exposed; Context importance: MEDIUM |
| CVE-2025-26519 | MEDIUM 5.95 | musl 1.2.5-r8 fixed in 1.2.5-r9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-26519 | MEDIUM 5.95 | musl-utils 1.2.5-r8 fixed in 1.2.5-r9 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44495 | MEDIUM 5.95 | axios 1.12.2 fixed in 1.15.2, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-44494 | MEDIUM 5.91 | axios 1.12.2 fixed in 1.16.0 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-44492 | MEDIUM 5.85 | axios 1.12.2 fixed in 1.16.0, 0.32.0 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-44490 | MEDIUM 5.58 | axios 1.12.2 fixed in 1.16.0, 0.32.0 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-42041 | MEDIUM 5.52 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27904 | MEDIUM 5.52 | minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27904 | MEDIUM 5.52 | minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33532 | MEDIUM 5.52 | yaml 2.4.1 fixed in 2.8.3, 1.10.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-35515 | MEDIUM 5.18 | @nestjs/core 11.0.20 fixed in 11.1.18 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42042 | MEDIUM 5.18 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42338 | MEDIUM 5.18 | ip-address 9.0.5 fixed in 10.1.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2359 | MEDIUM 5.1 | multer 2.0.2 fixed in 2.1.0 | 0.6% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2025-15284 | MEDIUM 5.1 | qs 6.13.0 fixed in 6.14.1 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-2391 | MEDIUM 5.1 | qs 6.13.0 fixed in 6.14.2 | 0.5% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2025-15284 | MEDIUM 5.1 | qs 6.14.0 fixed in 6.14.1 | 0.4% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-2391 | MEDIUM 5.1 | qs 6.14.0 fixed in 6.14.2 | 0.5% Theoretical Threat | Directly Exposed; Context importance: MEDIUM |
| CVE-2026-31790 | MEDIUM 5.02 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM 5.02 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-27903 | MEDIUM 5.02 | minimatch 3.1.2 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27903 | MEDIUM 5.02 | minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-4923 | MEDIUM 5.02 | path-to-regexp 8.2.0 fixed in 8.4.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM 5 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM 5 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM 4.67 | musl 1.2.5-r8 fixed in 1.2.5-r10 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM 4.67 | musl-utils 1.2.5-r8 fixed in 1.2.5-r10 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM 4.67 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42034 | MEDIUM 4.5 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42036 | MEDIUM 4.5 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42037 | MEDIUM 4.5 | axios 1.12.2 fixed in 1.15.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-31808 | MEDIUM 4.5 | file-type 16.5.4 fixed in 21.3.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31808 | MEDIUM 4.5 | file-type 20.4.1 fixed in 21.3.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32630 | MEDIUM 4.5 | file-type 20.4.1 fixed in 21.3.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-13465 | MEDIUM 4.5 | lodash 4.17.21 fixed in 4.17.23 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2950 | MEDIUM 4.5 | lodash 4.17.21 fixed in 4.18.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2950 | MEDIUM 4.5 | lodash 4.17.23 fixed in 4.18.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-28387 | MEDIUM 4.13 | libcrypto3 3.3.6-r0 fixed in 3.3.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-28387 | MEDIUM 4.13 | libssl3 3.3.6-r0 fixed in 3.3.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-40175 | MEDIUM 4.08 | axios 1.12.2 fixed in 1.15.0, 0.31.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-21538 | LOW 3.74 | cross-spawn 7.0.3 fixed in 7.0.5, 6.0.6 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-26960 | LOW 3.62 | tar 6.2.1 fixed in 7.5.8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-26960 | LOW 3.62 | tar 7.4.3 fixed in 7.5.8 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3449 | LOW 3.4 | @tootallnate/once 1.1.2 fixed in 3.0.1, 2.0.1 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-29786 | LOW 3.21 | tar 6.2.1 fixed in 7.5.10 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-29786 | LOW 3.21 | tar 7.4.3 fixed in 7.5.10 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-23745 | LOW 3.11 | tar 6.2.1 fixed in 7.5.3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-23745 | LOW 3.11 | tar 7.4.3 fixed in 7.5.3 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-31802 | LOW 2.8 | tar 6.2.1 fixed in 7.5.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-31802 | LOW 2.8 | tar 7.4.3 fixed in 7.5.11 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-64756 | LOW 2.7 | glob 10.4.5 fixed in 11.1.0, 10.5.0 | 3.0% Low-Moderate Risk | Post-Exploit |
| CVE-2025-5889 | LOW 2.63 | brace-expansion 2.0.1 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-24842 | LOW 2.51 | tar 6.2.1 fixed in 7.5.7 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-24842 | LOW 2.51 | tar 7.4.3 fixed in 7.5.7 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | LOW 2.39 | musl 1.2.5-r8 fixed in 1.2.5-r11 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | LOW 2.39 | musl-utils 1.2.5-r8 fixed in 1.2.5-r11 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-22184 | LOW 2.39 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-23950 | LOW 1.81 | tar 6.2.1 fixed in 7.5.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-23950 | LOW 1.81 | tar 7.4.3 fixed in 7.5.4 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW 1.68 | busybox 1.37.0-r9 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW 1.68 | busybox-binsh 1.37.0-r9 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW 1.68 | ssl_client 1.37.0-r9 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2024-58251 | NONE 0 | busybox 1.37.0-r9 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE 0 | busybox-binsh 1.37.0-r9 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE 0 | ssl_client 1.37.0-r9 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42040 | NONE 0 | axios 1.12.2 fixed in 1.15.1, 0.31.1 | 0.2% Theoretical Threat | Not Applicable |
| GHSA-r4q5-vmmm-2653 | NONE 0 | follow-redirects 1.15.6 fixed in 1.16.0 | — | Not Applicable |
| CVE-2026-12143 | NONE 0 | form-data 4.0.4 fixed in 2.5.6, 3.0.5, 4.0.6 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-46625 | NONE 0 | js-cookie 3.0.5 fixed in 3.0.7 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-53550 | NONE 0 | js-yaml 4.1.1 fixed in 4.2.0 | — | Not Applicable |
| CVE-2026-8723 | NONE 0 | qs 6.13.0 fixed in 6.15.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-8723 | NONE 0 | qs 6.14.0 fixed in 6.15.2 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-53655 | NONE 0 | tar 6.2.1 fixed in 7.5.16 | — | Not Applicable |
| CVE-2026-53655 | NONE 0 | tar 7.4.3 fixed in 7.5.16 | — | Not Applicable |
| CVE-2026-48779 | NONE 0 | ws 8.17.1 fixed in 5.2.5, 6.2.4, 7.5.11, 8.21.0 | — | Not Applicable |