Vulnerability Reporttraefik:v3.0

Name: traefik:v3.0 Security Vulnerability Report
Creator: BaseImage
Keywords: traefik:v3.0, Docker security, vulnerability scan, CVE, container security, SBOM

traefik:v3.0

DIGESTsha256:a208c74fd80a566d4ea376053bff73d31616d7af3f1465a7747b8b89ee34d97e

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve denial of service by exploiting vulnerabilities in HTTP/2 and HTTP/3 processing (e.g., CVE-2026-40898, CVE-2026-33814), leading to excessive resource consumption or service hangs. Furthermore, if configured to use the webroot HTTP-01 ACME challenge, a malicious ACME server could leverage CVE-2026-40611 to write or delete arbitrary files on the container filesystem, potentially compromising it. Immediate action is required to either mitigate these issues or replace the image with a more secure version before any production deployment.

Threat Score

100/100

DANGEROUS

Multiple critical vulnerabilities (severity 7.5), including CVE-2026-40898 and CVE-2026-33814, could lead to denial of service by exploiting core HTTP/3 and HTTP/2 processing.
A high-severity vulnerability, CVE-2026-40611 (severity 7.48), allows arbitrary file write and deletion through path traversal if the ACME webroot challenge provider is used.
The image contains 132 exposed vulnerabilities, with 4 critical issues having severity 7.5 or higher, indicating a significant attack surface.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

traefik:v3.0

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

147 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-40898	HIGH7.5	github.com/quic-go/quic-go v0.45.1 fixed in 0.59.1	—	Directly ExposedContext importance: HIGH
CVE-2026-33814	HIGH7.5	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Directly ExposedContext importance: HIGH
CVE-2026-39820	HIGH7.5	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Directly ExposedContext importance: HIGH
CVE-2026-40611	HIGH7.48	github.com/go-acme/lego/v4 v4.17.4 fixed in 4.34.0	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-28387	MEDIUM6.88	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM6.88	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68121	MEDIUM6.8	stdlib v1.22.4 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-15467	MEDIUM6.66	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-15467	MEDIUM6.66	libssl3 3.3.1-r0 fixed in 3.3.6-r0	0.9% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-40200	MEDIUM6.63	musl 1.2.5-r0 fixed in 1.2.5-r3	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40200	MEDIUM6.63	musl-utils 1.2.5-r0 fixed in 1.2.5-r3	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-22184	MEDIUM6.63	zlib 1.3.1-r1 fixed in 1.3.2-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34986	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.0.2 fixed in 4.1.4	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-27144	MEDIUM6.38	github.com/go-jose/go-jose/v4 v4.0.2 fixed in 4.0.5	0.1% Theoretical Threat	Directly Exposed
CVE-2025-30204	MEDIUM6.38	github.com/golang-jwt/jwt/v4 v4.5.0 fixed in 4.5.2	0.1% Theoretical Threat	Directly Exposed
CVE-2025-30204	MEDIUM6.38	github.com/golang-jwt/jwt/v5 v5.2.1 fixed in 5.2.2	0.1% Theoretical Threat	Directly Exposed
CVE-2025-22869	MEDIUM6.38	golang.org/x/crypto v0.24.0 fixed in 0.35.0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-22868	MEDIUM6.38	golang.org/x/oauth2 v0.21.0 fixed in 0.27.0	0.1% Theoretical Threat	Directly Exposed
CVE-2024-34156	MEDIUM6.38	stdlib v1.22.4 fixed in 1.22.7, 1.23.1	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61726	MEDIUM6.38	stdlib v1.22.4 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM6.38	stdlib v1.22.4 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-25679	MEDIUM6.38	stdlib v1.22.4 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM6.38	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32281	MEDIUM6.38	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32283	MEDIUM6.38	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58183	MEDIUM6.38	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61728	MEDIUM6.38	stdlib v1.22.4 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-12797	MEDIUM6.29	libcrypto3 3.3.1-r0 fixed in 3.3.3-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-12797	MEDIUM6.29	libssl3 3.3.1-r0 fixed in 3.3.3-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33186	MEDIUM6.18	google.golang.org/grpc v1.64.0 fixed in 1.79.3	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-6119	MEDIUM6	libcrypto3 3.3.1-r0 fixed in 3.3.2-r0	6.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-6119	MEDIUM6	libssl3 3.3.1-r0 fixed in 3.3.2-r0	6.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM6	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Directly ExposedContext importance: MEDIUM
CVE-2025-26519	MEDIUM5.95	musl 1.2.5-r0 fixed in 1.2.5-r1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-26519	MEDIUM5.95	musl-utils 1.2.5-r0 fixed in 1.2.5-r1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.27.0 fixed in 1.43.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-47907	MEDIUM5.95	stdlib v1.22.4 fixed in 1.23.12, 1.24.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libcrypto3 3.3.1-r0 fixed in 3.3.1-r1	5.1% Low-Moderate Risk	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libssl3 3.3.1-r0 fixed in 3.3.1-r1	5.1% Low-Moderate Risk	Directly Exposed
CVE-2024-24791	MEDIUM5.9	stdlib v1.22.4 fixed in 1.21.12, 1.22.5	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.22.4 fixed in 1.23.10, 1.24.4	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-45337	MEDIUM5.66	golang.org/x/crypto v0.24.0 fixed in 0.31.0	30.3% High Exploitation Risk	Directly Exposed
CVE-2024-53259	MEDIUM5.52	github.com/quic-go/quic-go v0.45.1 fixed in 0.48.2	0.8% Theoretical Threat	Directly Exposed
CVE-2025-22872	MEDIUM5.52	golang.org/x/net v0.26.0 fixed in 0.38.0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.22.4 fixed in 1.23.12, 1.24.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.22.4 fixed in 1.24.11, 1.25.5	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM5.4	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9231	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-9231	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.6-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.3.1-r0 fixed in 3.3.6-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.22.4 fixed in 1.22.7, 1.23.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-34158	MEDIUM5.02	stdlib v1.22.4 fixed in 1.22.7, 1.23.1	0.2% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.22.4 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libcrypto3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-31789	MEDIUM5	libssl3 3.3.1-r0 fixed in 3.3.7-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libcrypto3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libssl3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r0 fixed in 1.2.5-r2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl-utils 1.2.5-r0 fixed in 1.2.5-r2	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r1 fixed in 1.3.2-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.22.4 fixed in 1.25.9, 1.26.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.22.4 fixed in 1.23.8, 1.24.2	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.22.4 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-54799	MEDIUM4.5	github.com/go-acme/lego/v4 v4.17.4 fixed in 4.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-11065	MEDIUM4.5	github.com/go-viper/mapstructure/v2 v2.0.0 fixed in 2.4.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-59530	MEDIUM4.5	github.com/quic-go/quic-go v0.45.1 fixed in 0.49.1, 0.54.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-64702	MEDIUM4.5	github.com/quic-go/quic-go v0.45.1 fixed in 0.57.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.24.0 fixed in 0.45.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.24.0 fixed in 0.45.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.22.4 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.22.4 fixed in 1.23.9, 1.24.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.9, 1.25.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.12, 1.25.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.22.4 fixed in 1.24.8, 1.25.2	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-28180	MEDIUM4.3	gopkg.in/square/go-jose.v2 v2.5.1 No fix yet	4.9% Low-Moderate Risk	Directly Exposed
CVE-2024-13176	MEDIUM4	libcrypto3 3.3.1-r0 fixed in 3.3.2-r2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl3 3.3.1-r0 fixed in 3.3.2-r2	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34040	LOW3.98	github.com/docker/docker v25.0.5+incompatible fixed in 29.3.1	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-22870	LOW3.74	golang.org/x/net v0.26.0 fixed in 0.36.0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.22.4 fixed in 1.23.7, 1.24.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.22.4 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.1% Theoretical Threat	Directly Exposed
CVE-2024-41110	LOW3.56	github.com/docker/docker v25.0.5+incompatible fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6	4.1% Low-Moderate Risk	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.3.1-r0 fixed in 3.3.6-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libcrypto3 3.3.1-r0 fixed in 3.3.2-r1	0.9% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libssl3 3.3.1-r0 fixed in 3.3.2-r1	0.9% Theoretical Threat	Directly Exposed
CVE-2026-39836	LOW2.7	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Post-Exploit
CVE-2025-54410	LOW2.65	github.com/docker/docker v25.0.5+incompatible fixed in 25.0.13, 28.0.0	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-9232	LOW2.63	libcrypto3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW2.63	libssl3 3.3.1-r0 fixed in 3.3.5-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-51744	LOW2.63	github.com/golang-jwt/jwt/v4 v4.5.0 fixed in 4.5.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33997	LOW2.48	github.com/docker/docker v25.0.5+incompatible fixed in 29.3.1	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-15558	LOW2.45	github.com/docker/cli v24.0.9+incompatible fixed in 29.2.0	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.22.4 fixed in 1.25.8, 1.26.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-46394	LOW1.68	busybox 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-58251	NONE0	busybox 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.36.1-r29 fixed in 1.36.1-r31	<0.1% Theoretical Threat	Not Applicable
CVE-2026-41567	NONE0	github.com/docker/docker v25.0.5+incompatible No fix yet	—	Not Applicable
CVE-2026-42306	NONE0	github.com/docker/docker v25.0.5+incompatible No fix yet	—	Not Applicable
CVE-2026-41568	NONE0	github.com/docker/docker v25.0.5+incompatible No fix yet	—	Not Applicable
GHSA-fv92-fjc5-jj9h	NONE0	github.com/go-viper/mapstructure/v2 v2.0.0 fixed in 2.3.0	—	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 fixed in 1.43.0	<0.1% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 fixed in 1.43.0	<0.1% Theoretical Threat	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.27.0 fixed in 1.40.0	<0.1% Theoretical Threat	Not Applicable
GHSA-xr7q-jx4m-x55m	NONE0	google.golang.org/grpc v1.64.0 fixed in 1.64.1	—	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.22.4 fixed in 1.25.10, 1.26.3	—	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.22.4 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.22.4 fixed in 1.23.10, 1.24.4	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.22.4 fixed in 1.25.11, 1.26.4	—	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.22.4 fixed in 1.25.11, 1.26.4	—	Not Applicable