Vulnerability Reportsonatype/nexus3:3.92.1

sonatype/nexus3:3.92.1-alpinesonatype/nexus3:3.92.1

DIGESTsha256:e08d0236154d13fb2a4fb050d9553762a92261b72d92dea99d99bb38ece5cac5

Executive Summary

Threat ScoreDANGEROUS• Critical vulnerability CVE-2026-42581 (CVSS 8.33) in Netty HTTP codec allows HTTP request smuggling, directly exploitable in internet-facing Nexus service.• Multiple high-severity vulnerabilities in OpenSSL (CVE-2026-45447) and OpenJDK (CVE-2026-22016, CVE-2026-34282) could lead to remote code execution or denial of service.• Total of 114 exposed vulnerabilities, including 32 medium-severity (≥6.0) and 1 critical, indicating a large attack surface.• Image is from a verified publisher (Sonatype) with high trust, but vulnerability severity outweighs trust.

75/100DANGEROUS

ReputationVERIFIED• Verified Publisher (Trusted Vendor)• Pinned by digest (Immutable)

TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit HTTP request smuggling via CVE-2026-42581 to intercept or manipulate traffic, and leverage vulnerabilities in OpenSSL and OpenJDK for remote code execution or denial of service. Note: CVE-2026-45447 requires processing PKCS#7 messages, which may not be enabled by default. Immediate remediation is required.

Vulnerabilities

Vulnerability Log

143 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42581	HIGH8.33	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-45674	MEDIUM6.8	io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-47691	MEDIUM6.8	io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	libssl3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-22016	MEDIUM6.38	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-22016	MEDIUM6.38	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-22016	MEDIUM6.38	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-22016	MEDIUM6.38	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-22016	MEDIUM6.38	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-22016	MEDIUM6.38	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34282	MEDIUM6.38	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42585	MEDIUM6.38	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-48043	MEDIUM6.38	io.netty:netty-codec-http2 4.2.12.Final fixed in 4.1.135.Final, 4.2.15.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42578	MEDIUM6.38	io.netty:netty-handler-proxy 4.2.12.Final fixed in 4.1.133.Final, 4.2.13.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45292	MEDIUM6.38	io.opentelemetry:opentelemetry-api 1.47.0 fixed in 1.62.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42198	MEDIUM6.38	org.postgresql:postgresql 42.7.2 fixed in 42.7.11	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	MEDIUM6.18	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45445	MEDIUM6.18	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42579	MEDIUM6.18	io.netty:netty-codec-dns 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42584	MEDIUM6.18	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-45673	MEDIUM5.78	io.netty:netty-resolver-dns 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-41417	MEDIUM5.52	io.netty:netty-codec-http 4.2.12.Final fixed in 4.1.133.Final, 4.2.13.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42580	MEDIUM5.52	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM5.5	io.netty:netty-handler 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM5.1	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34183	MEDIUM5.1	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22013	MEDIUM4.5	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22021	MEDIUM4.5	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23865	MEDIUM4.5	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-47244	MEDIUM4.5	io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-50560	MEDIUM4.5	io.netty:netty-codec-http2 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-23903	MEDIUM4.5	org.apache.shiro:shiro-spring 1.13.0 fixed in 2.1.0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1225	MEDIUM4.25	ch.qos.logback:logback-core 1.5.19 fixed in 1.5.25	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-kqueue 4.2.12.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3784	LOW3.31	curl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl 8.17.0-r1 fixed in 8.19.0-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-34181	LOW3.21	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42768	LOW3.21	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22008	LOW3.15	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22018	LOW3.15	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42764	LOW3.01	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW3.01	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW3.01	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW3.01	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	curl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-7383	LOW2.8	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW2.7	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW2.7	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW2.55	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-22007	LOW2.46	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22007	LOW2.46	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25-demos 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22007	LOW2.46	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25-jdk 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22007	LOW2.46	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25-jmods 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22007	LOW2.46	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25-jre 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-22007	LOW2.46	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-34268	LOW2.46	openjdk25-jre-headless 25.0.2_p10-r1 fixed in 25.0.3_p9-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-14017	LOW2.45	curl 8.17.0-r1 fixed in 8.19.0-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-23901	LOW2.12	org.apache.shiro:shiro-core 1.13.0 fixed in 2.1.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-1965	LOW2.08	curl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	curl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW2.08	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	curl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW1.99	libcurl 8.17.0-r1 fixed in 8.19.0-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-45446	LOW1.89	openssl 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-40930	NONE0	libpng 1.6.57-r0 fixed in 1.6.58-r1	0.2% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec-compression 4.2.12.Final fixed in 4.2.13.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42577	NONE0	io.netty:netty-transport-native-epoll 4.2.12.Final fixed in 4.2.13.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-8149	NONE0	org.bouncycastle:bc-fips 2.1.2 No fix yet	0.2% Theoretical Threat	Not Applicable