Vulnerability Reporttimberio/vector:nightly-2026-06-17-distroless-libc

timberio/vector:nightly-2026-06-17-distroless-libc

DIGESTsha256:b9dc5f8593a894b8a1d9b178a76ae00e50b9a0766707d5ff79e26897d7402372

Executive Summary

Threat ScoreSAFE• Threat score is 0, indicating no exploitable risks in this context.• No high-severity vulnerabilities found; max exposed severity is 4.67.• Image is from a verified publisher (Timberio) and pinned by digest, ensuring integrity.

0/100SAFE

ReputationVERIFIED• Verified Publisher (Trusted Vendor)• Pinned by digest (Immutable)

TRUSTED

This image is safe for production use. Although 9 exposed and 17 post-exploit vulnerabilities were detected, all are low severity (max CVSS 4.67) and none are exposed in a way that would allow remote exploitation. The image is trusted, verified, and pinned by digest, reducing supply chain risks.

Vulnerabilities

Vulnerability Log

26 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2022-27943	MEDIUM4.67	gcc-12-base 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgomp1 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.4% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2019-1010022	LOW3.53	libc6 2.36-9+deb12u14 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010023	LOW3.17	libc6 2.36-9+deb12u14 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2018-20796	LOW2.7	libc6 2.36-9+deb12u14 No fix yet	5.8% Low-Moderate Risk	Post-Exploit
CVE-2019-9192	LOW2.7	libc6 2.36-9+deb12u14 No fix yet	2.4% Low-Moderate Risk	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010024	LOW1.91	libc6 2.36-9+deb12u14 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010025	LOW1.91	libc6 2.36-9+deb12u14 No fix yet	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.36-9+deb12u14 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW1.62	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW1.62	libssl3 3.0.20-1~deb12u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34180	LOW1.53	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.5% Theoretical Threat	Post-Exploit
CVE-2010-4756	LOW1.44	libc6 2.36-9+deb12u14 No fix yet	2.6% Low-Moderate Risk	Post-Exploit
CVE-2025-27587	NONE0	libssl3 3.0.20-1~deb12u1 No fix yet	0.4% Theoretical Threat	Not Applicable