Vulnerability Reporttimberio/vector:nightly-2026-06-18-distroless-libc

timberio/vector:nightly-2026-06-18-distroless-libc

DIGESTsha256:1f9374087f898f20cbb1094c3c21849008c5f14a7bb8f0ac9973f0eddc51f1b6

Executive Summary

Threat ScoreSAFE• Trusted publisher (Timberio) with verified image and pinned by digest• No high-severity vulnerabilities (max exposed severity 4.67, max post-exploit severity 3.53)• No findings in top exposed surface or post-exploit analysis

0/100SAFE

ReputationVERIFIED• Verified Publisher (Trusted Vendor)• Pinned by digest (Immutable)

TRUSTED

This image is safe for production use. Although the image contains 9 exposed and 16 post-exploit vulnerabilities, all are low severity (max 4.67) and no exploitable high-risk issues were identified. The image is published by a trusted vendor, immutable via digest pinning, and has no critical or high-severity findings that would impact production deployment.

Vulnerabilities

Vulnerability Log

26 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgomp1 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.4% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2019-1010022	LOW3.53	libc6 2.36-9+deb12u14 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2026-34180	LOW3.4	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010023	LOW3.17	libc6 2.36-9+deb12u14 No fix yet	3.1% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2018-20796	LOW2.7	libc6 2.36-9+deb12u14 No fix yet	5.8% Low-Moderate Risk	Post-Exploit
CVE-2019-9192	LOW2.7	libc6 2.36-9+deb12u14 No fix yet	2.4% Low-Moderate Risk	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.2% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010024	LOW1.91	libc6 2.36-9+deb12u14 No fix yet	3.2% Low-Moderate Risk	Post-Exploit
CVE-2019-1010025	LOW1.91	libc6 2.36-9+deb12u14 No fix yet	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.36-9+deb12u14 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42766	LOW1.62	libssl3 3.0.20-1~deb12u1 fixed in 3.0.20-1~deb12u2	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42767	LOW1.62	libssl3 3.0.20-1~deb12u1 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2010-4756	LOW1.44	libc6 2.36-9+deb12u14 No fix yet	2.6% Low-Moderate Risk	Post-Exploit
CVE-2022-27943	NONE0	gcc-12-base 12.2.0-14+deb12u1 No fix yet	0.9% Theoretical Threat	Not Applicable
CVE-2025-27587	NONE0	libssl3 3.0.20-1~deb12u1 No fix yet	0.4% Theoretical Threat	Not Applicable