Vulnerability Reporttrinodb/trino:476

trinodb/trino:476

DIGESTsha256:00125e40d063bc4816d165482f6044872b18b56026fb959d3b28ce1f96ffbbee

Executive Summary

Threat ScoreDANGEROUS• 188 total vulnerabilities found, including 5 with severity >= 7.0 and max severity 8.1.• Critical request smuggling vulnerability in Jetty (CVE-2026-2332, severity 7.73) allows an external attacker to bypass security controls and access sensitive data.• HTTP/2 denial-of-service vulnerability in Jetty (CVE-2025-5115, severity 7.5) enables remote resource exhaustion without authentication.• High-severity libssh out-of-bounds read (CVE-2025-5318, severity 8.1) could leak sensitive memory contents.• Other high-risk flaws include RCE in commons-beanutils (CVE-2025-48734) and multiple libssh issues.• Despite high community reputation and over 22 million pulls, these unpatched vulnerabilities pose significant risk to production deployments.

100/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (22M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit Jetty request smuggling or HTTP/2 DoS to compromise the Trino service, leading to data theft, service disruption, or potential remote code execution via the BeanUtils vulnerability. Note that CVE-2025-48734 requires external control of property paths, which is not a default Trino configuration, but other high-severity issues are directly exploitable. Immediate remediation or use of an alternative image is strongly advised.

Vulnerabilities

Vulnerability Log

317 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-5318	HIGH8.1	libssh 0.10.4-13.el9 fixed in 0.10.4-15.el9_7	2.4% Low-Moderate Risk	Directly Exposed
CVE-2026-2332	HIGH7.73	org.eclipse.jetty:jetty-http 12.0.22 fixed in 12.1.7, 12.0.33	0.4% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2025-5115	HIGH7.5	org.eclipse.jetty.http2:jetty-http2-common 12.0.22 fixed in 12.0.25, 12.1.0.beta3	1.6% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-5372	HIGH7.48	libssh 0.10.4-13.el9 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-48734	HIGH7.04	commons-beanutils:commons-beanutils 1.10.0 fixed in 1.11.0	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-0966	MEDIUM6.97	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.6% Theoretical Threat	Directly Exposed
CVE-2026-0861	MEDIUM6.88	glibc 2.34-168.el9_6.14 fixed in 2.34-231.el9_7.10	0.4% Theoretical Threat	Directly Exposed
CVE-2026-28387	MEDIUM6.88	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-59250	MEDIUM6.88	com.microsoft.sqlserver:mssql-jdbc 12.10.0.jre11 fixed in 10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11	0.7% Theoretical Threat	Directly Exposed
CVE-2026-44249	MEDIUM6.88	io.netty:netty-handler 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2021-22144	MEDIUM6.5	org.elasticsearch:elasticsearch 7.10.2 fixed in 6.8.17, 7.13.3	1.7% Low-Moderate Risk	Directly Exposed
CVE-2025-6176	MEDIUM6.38	libbrotli 1.0.9-7.el9_5 fixed in 1.0.9-9.el9_7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	libnghttp2 1.43.0-6.el9 fixed in 1.43.0-6.el9_7.1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-3731	MEDIUM6.38	libssh 0.10.4-13.el9 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-3.el9_8	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-41409	MEDIUM6.38	pcre2 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Directly Exposed
CVE-2025-67721	MEDIUM6.38	io.airlift:aircompressor 2.0.2 fixed in 2.0.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-67721	MEDIUM6.38	io.airlift:aircompressor-v3 3.2 fixed in 3.4	0.4% Theoretical Threat	Directly Exposed
CVE-2025-55163	MEDIUM6.38	io.grpc:grpc-netty-shaded 1.70.0 fixed in 1.75.0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-44894	MEDIUM6.38	io.netty:netty-codec-classes-quic 4.2.1.Final fixed in 4.2.15.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2025-58057	MEDIUM6.38	io.netty:netty-codec-compression 4.2.1.Final fixed in 4.2.5.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-44893	MEDIUM6.38	io.netty:netty-codec-haproxy 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-48059	MEDIUM6.38	io.netty:netty-codec-haproxy 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-33870	MEDIUM6.38	io.netty:netty-codec-http 4.2.1.Final fixed in 4.1.132.Final, 4.2.10.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42585	MEDIUM6.38	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2025-58056	MEDIUM6.38	io.netty:netty-codec-http 4.2.1.Final fixed in 4.1.125.Final, 4.2.5.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2025-55163	MEDIUM6.38	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.2.4.Final, 4.1.124.Final	0.9% Theoretical Threat	Directly Exposed
CVE-2026-33871	MEDIUM6.38	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.1.132.Final, 4.2.11.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42587	MEDIUM6.38	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-48043	MEDIUM6.38	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.1.135.Final, 4.2.15.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-44248	MEDIUM6.38	io.netty:netty-codec-mqtt 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44250	MEDIUM6.38	io.netty:netty-codec-redis 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-44890	MEDIUM6.38	io.netty:netty-codec-redis 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-48006	MEDIUM6.38	io.netty:netty-codec-redis 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50011	MEDIUM6.38	io.netty:netty-codec-redis 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45416	MEDIUM6.38	io.netty:netty-handler 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-50010	MEDIUM6.38	io.netty:netty-handler 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42578	MEDIUM6.38	io.netty:netty-handler-proxy 4.2.1.Final fixed in 4.1.133.Final, 4.2.13.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-46340	MEDIUM6.38	io.netty:netty-transport-sctp 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.6% Theoretical Threat	Directly Exposed
CVE-2026-45292	MEDIUM6.38	io.opentelemetry:opentelemetry-api 1.50.0 fixed in 1.62.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45292	MEDIUM6.38	io.opentelemetry:opentelemetry-extension-trace-propagators 1.50.0 fixed in 1.62.0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1605	MEDIUM6.38	org.eclipse.jetty:jetty-server 12.0.22 fixed in 12.1.6, 12.0.32	0.4% Theoretical Threat	Directly Exposed
CVE-2023-46673	MEDIUM6.38	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.14, 8.10.3	0.8% Theoretical Threat	Directly Exposed
CVE-2024-23444	MEDIUM6.38	org.elasticsearch:elasticsearch 7.10.2 fixed in 8.13.0, 7.17.23	0.2% Theoretical Threat	Directly Exposed
CVE-2024-23450	MEDIUM6.38	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.19, 8.13.0	0.9% Theoretical Threat	Directly Exposed
CVE-2024-43709	MEDIUM6.38	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.21, 8.13.3	0.6% Theoretical Threat	Directly Exposed
CVE-2024-52979	MEDIUM6.38	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.25, 8.16.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-66566	MEDIUM6.38	org.lz4:lz4-java 1.8.0 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2025-9624	MEDIUM6.38	org.opensearch:opensearch-common 2.19.2 fixed in 3.3.0, 2.19.4	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42198	MEDIUM6.38	org.postgresql:postgresql 42.7.6 fixed in 42.7.11	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-24281	MEDIUM6.29	org.apache.zookeeper:zookeeper 3.9.3 fixed in 3.8.6, 3.9.5	0.3% Theoretical Threat	Directly Exposed
CVE-2025-37731	MEDIUM6.29	org.elasticsearch:elasticsearch 7.10.2 fixed in 8.19.8, 9.1.8, 9.2.2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-37731	MEDIUM6.29	org.elasticsearch:elasticsearch 7.17.28 fixed in 8.19.8, 9.1.8, 9.2.2	0.2% Theoretical Threat	Directly Exposed
CVE-2026-43869	MEDIUM6.21	org.apache.thrift:libthrift 0.21.0 fixed in 0.23.0	0.3% Theoretical Threat	Directly Exposed
CVE-2023-2976	MEDIUM6.03	com.google.guava:guava 29.0-android fixed in 32.0.0-android	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42586	MEDIUM6.03	io.netty:netty-codec-redis 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	glibc 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.19	0.4% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	glibc-common 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.19	0.4% Theoretical Threat	Directly Exposed
CVE-2025-4802	MEDIUM5.95	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.19	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4878	MEDIUM5.95	libcap 2.48-9.el9_2 fixed in 2.48-10.el9_8.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.9	libtasn1 4.16.0-9.el9 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2024-41996	MEDIUM5.9	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-22185	MEDIUM5.78	openldap 2.6.8-4.el9 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45673	MEDIUM5.78	io.netty:netty-resolver-dns 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-35554	MEDIUM5.78	org.apache.kafka:kafka-clients 4.0.0 fixed in 3.9.2, 4.0.2, 4.1.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM5.6	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-4.el9_7	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-common 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-common 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-4437	MEDIUM5.52	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	glibc-minimal-langpack 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2025-5351	MEDIUM5.52	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.5% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider 3.0.7-6.el9_5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-fips-provider-so 3.0.7-6.el9_5 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2025-67735	MEDIUM5.52	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.8.Final, 4.1.129.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-41417	MEDIUM5.52	io.netty:netty-codec-http 4.2.1.Final fixed in 4.1.133.Final, 4.2.13.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42580	MEDIUM5.52	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34214	MEDIUM5.52	io.trino:trino-iceberg 476 fixed in 480	0.2% Theoretical Threat	Directly Exposed
CVE-2025-11143	MEDIUM5.52	org.eclipse.jetty:jetty-http 12.0.22 fixed in 12.0.31, 12.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2023-49921	MEDIUM5.52	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.16, 8.11.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-12183	MEDIUM5.52	org.lz4:lz4-java 1.8.0 fixed in 1.8.1	0.7% Theoretical Threat	Directly Exposed
CVE-2025-11226	MEDIUM5.44	ch.qos.logback:logback-core 1.5.18 fixed in 1.5.19, 1.3.16	0.2% Theoretical Threat	Directly Exposed
CVE-2026-0964	MEDIUM5.35	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2025-59419	MEDIUM5.3	io.netty:netty-codec-smtp 4.2.1.Final fixed in 4.2.7.Final, 4.1.128.Final	1.6% Low-Moderate Risk	Directly Exposed
CVE-2021-22135	MEDIUM5.3	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.11.2, 6.8.15	1.2% Low-Moderate Risk	Directly Exposed
CVE-2025-11187	MEDIUM5.18	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22227	MEDIUM5.18	io.projectreactor.netty:reactor-netty-http 1.0.48 fixed in 1.3.0-M5, 1.2.8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc 2.34-168.el9_6.14 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15281	MEDIUM5.02	glibc 2.34-168.el9_6.14 fixed in 2.34-231.el9_7.10	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-common 2.34-168.el9_6.14 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	glibc-minimal-langpack 2.34-168.el9_6.14 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2025-3576	MEDIUM5.02	krb5-libs 1.21.1-6.el9 fixed in 1.21.1-8.el9_6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-40355	MEDIUM5.02	krb5-libs 1.21.1-6.el9 fixed in 1.21.1-10.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-40356	MEDIUM5.02	krb5-libs 1.21.1-6.el9 fixed in 1.21.1-10.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider 3.0.7-6.el9_5 No fix yet	1.0% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-fips-provider-so 3.0.7-6.el9_5 No fix yet	1.0% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-2.el9_8	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2025-49146	MEDIUM5.02	org.postgresql:postgresql 42.7.6 fixed in 42.7.7	0.5% Theoretical Threat	Directly Exposed
CVE-2025-37727	MEDIUM4.84	org.elasticsearch:elasticsearch 7.10.2 fixed in 8.18.8, 8.19.5, 9.0.8, 9.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-37727	MEDIUM4.84	org.elasticsearch:elasticsearch 7.17.28 fixed in 8.18.8, 8.19.5, 9.0.8, 9.1.5	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5702	MEDIUM4.76	glibc 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.20	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5702	MEDIUM4.76	glibc-common 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.20	0.2% Theoretical Threat	Directly Exposed
CVE-2025-5702	MEDIUM4.76	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.20	0.2% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libgcc 11.5.0-5.el9_5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc 11.5.0-5.el9_5 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2026-0967	MEDIUM4.67	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Directly Exposed
CVE-2021-46195	MEDIUM4.67	libstdc++ 11.5.0-5.el9_5 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++ 11.5.0-5.el9_5 No fix yet	0.9% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.2.11-40.el9 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3293	MEDIUM4.67	net.snowflake:snowflake-jdbc 3.24.2 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-0915	MEDIUM4.5	glibc 2.34-168.el9_6.14 fixed in 2.34-231.el9_7.10	0.6% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-common 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4046	MEDIUM4.5	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Directly Exposed
CVE-2026-50020	MEDIUM4.5	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-47244	MEDIUM4.5	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.5% Theoretical Threat	Directly Exposed
CVE-2026-50560	MEDIUM4.5	io.netty:netty-codec-http2 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.3% Theoretical Threat	Directly Exposed
CVE-2024-29131	MEDIUM4.4	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1	2.1% Low-Moderate Risk	Directly Exposed
CVE-2024-29133	MEDIUM4.4	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.10.1	1.7% Low-Moderate Risk	Directly Exposed
CVE-2021-22134	MEDIUM4.3	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.11.0	1.1% Low-Moderate Risk	Directly Exposed
CVE-2026-42250	MEDIUM4.25	bzip2-libs 1.0.8-10.el9_5 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc 2.34-168.el9_6.14 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-common 2.34-168.el9_6.14 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-common 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	glibc-minimal-langpack 2.34-168.el9_6.14 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	glibc-minimal-langpack 2.34-168.el9_6.14 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-11850	MEDIUM4.25	krb5-libs 1.21.1-6.el9 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.5% Theoretical Threat	Directly Exposed
CVE-2026-1225	MEDIUM4.25	ch.qos.logback:logback-core 1.5.18 fixed in 1.5.25	0.2% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-8114	MEDIUM4	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6276	LOW3.82	libcurl 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-4877	LOW3.82	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31417	LOW3.74	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.13, 8.9.2	0.2% Theoretical Threat	Directly Exposed
CVE-2025-48924	LOW3.7	org.apache.commons:commons-lang3 3.17.0 fixed in 3.18.0	2.2% Low-Moderate Risk	Directly Exposed
CVE-2025-58457	LOW3.65	org.apache.zookeeper:zookeeper 3.9.3 fixed in 3.9.4	0.3% Theoretical Threat	Directly Exposed
CVE-2023-4156	LOW3.62	gawk 5.1.0-6.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2005-2541	LOW3.6	tar 2:1.34-7.el9 No fix yet	4.0% Low-Moderate Risk	Post-Exploit
CVE-2025-8058	LOW3.57	glibc 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.23	0.2% Theoretical Threat	Directly Exposed
CVE-2025-8058	LOW3.57	glibc-common 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.23	0.2% Theoretical Threat	Directly Exposed
CVE-2025-8058	LOW3.57	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-168.el9_6.23	0.2% Theoretical Threat	Directly Exposed
CVE-2024-11053	LOW3.54	curl-minimal 7.76.1-31.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-11053	LOW3.54	libcurl 7.76.1-31.el9 No fix yet	1.4% Low-Moderate Risk	Post-Exploit
CVE-2023-31419	LOW3.51	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.13, 8.9.1	60.7% Actively Exploited	Post-Exploit
CVE-2025-13034	LOW3.47	curl-minimal 7.76.1-31.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	curl-minimal 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-13034	LOW3.47	libcurl 7.76.1-31.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-1965	LOW3.47	libcurl 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-4438	LOW3.4	glibc 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-common 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2026-4438	LOW3.4	glibc-minimal-langpack 2.34-168.el9_6.14 fixed in 2.34-270.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.1-7.el9_7	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-epoll 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45536	LOW3.4	io.netty:netty-transport-native-kqueue 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Directly Exposed
CVE-2026-3784	LOW3.31	curl-minimal 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl-minimal 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl-minimal 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl-minimal 7.76.1-31.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-3784	LOW3.31	libcurl 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	libcurl 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	libcurl 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	libcurl 7.76.1-31.el9 No fix yet	0.6% Theoretical Threat	Post-Exploit
CVE-2026-33056	LOW3.31	tar 2:1.34-7.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	curl-minimal 7.76.1-31.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-3805	LOW3.21	libcurl 7.76.1-31.el9 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-5958	LOW3.21	sed 4.8-9.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-9086	LOW3.18	curl-minimal 7.76.1-31.el9 fixed in 7.76.1-35.el9_7.3	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-9086	LOW3.18	libcurl 7.76.1-31.el9 fixed in 7.76.1-35.el9_7.3	1.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-45674	LOW3.06	io.netty:netty-resolver-dns 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Post-Exploit
CVE-2026-47691	LOW3.06	io.netty:netty-resolver-dns 4.2.1.Final fixed in 4.2.15.Final, 4.1.135.Final	0.2% Theoretical Threat	Post-Exploit
CVE-2025-4878	LOW3.06	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Directly Exposed
CVE-2021-22145	LOW3.04	org.elasticsearch.client:elasticsearch-rest-client 7.10.2 fixed in 7.13.4	76.2% Actively Exploited	Post-Exploit
CVE-2026-31789	LOW3	openssl-libs 1:3.2.2-6.el9_5.1 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42581	LOW3	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Post-Exploit
CVE-2025-5987	LOW2.92	libssh 0.10.4-13.el9 fixed in 0.10.4-17.el9_7	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-3783	LOW2.91	curl-minimal 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	libcurl 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-45582	LOW2.86	tar 2:1.34-7.el9 fixed in 2:1.34-9.el9_7	0.4% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 2:1.34-7.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-0965	LOW2.8	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Directly Exposed
CVE-2020-8908	LOW2.8	com.google.guava:guava 29.0-android fixed in 32.0.0-android	1.0% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	openssl-libs 1:3.2.2-6.el9_5.1 fixed in 1:3.5.5-4.el9_8	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42579	LOW2.78	io.netty:netty-codec-dns 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42584	LOW2.78	io.netty:netty-codec-http 4.2.1.Final fixed in 4.2.13.Final, 4.1.133.Final	0.3% Theoretical Threat	Post-Exploit
CVE-2026-2100	LOW2.7	p11-kit 0.25.3-3.el9_5 fixed in 0.26.2-1.el9	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-2100	LOW2.7	p11-kit-trust 0.25.3-3.el9_5 fixed in 0.26.2-1.el9	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-24308	LOW2.7	org.apache.zookeeper:zookeeper 3.9.3 fixed in 3.9.5, 3.8.6	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-31418	LOW2.7	org.elasticsearch:elasticsearch 7.10.2 fixed in 7.17.13, 8.9.0	1.2% Low-Moderate Risk	Post-Exploit
CVE-2026-4873	LOW2.7	curl-minimal 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl-minimal 7.76.1-31.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl-minimal 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	libcurl 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	libcurl 7.76.1-31.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	libcurl 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2024-7264	LOW2.69	curl-minimal 7.76.1-31.el9 No fix yet	16.2% High Exploitation Risk	Post-Exploit
CVE-2024-7264	LOW2.69	libcurl 7.76.1-31.el9 No fix yet	16.2% High Exploitation Risk	Post-Exploit
CVE-2025-8277	LOW2.63	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Directly Exposed
CVE-2026-0968	LOW2.63	libssh 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Directly Exposed
CVE-2025-15079	LOW2.48	curl-minimal 7.76.1-31.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-15079	LOW2.48	libcurl 7.76.1-31.el9 No fix yet	0.5% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl-minimal 7.76.1-31.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	libcurl 7.76.1-31.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl-minimal 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	libcurl 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-64118	LOW2.4	tar 2:1.34-7.el9 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2024-9681	LOW2.34	curl-minimal 7.76.1-31.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-9681	LOW2.34	libcurl 7.76.1-31.el9 No fix yet	2.0% Low-Moderate Risk	Post-Exploit
CVE-2026-5773	LOW2.29	curl-minimal 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW2.29	curl-minimal 7.76.1-31.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW2.29	libcurl 7.76.1-31.el9 No fix yet	0.4% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 8.32-39.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils-common 8.32-39.el9 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2024-56433	LOW1.84	shadow-utils 2:4.9-12.el9 fixed in 2:4.9-15.el9	0.4% Theoretical Threat	Post-Exploit
CVE-2023-39804	LOW1.68	tar 2:1.34-7.el9 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-68121	NONE0	stdlib v1.24.2 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Not Applicable
CVE-2025-5372	NONE0	libssh-config 0.10.4-13.el9 No fix yet	0.4% Theoretical Threat	Not Applicable
CVE-2026-0966	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.6% Theoretical Threat	Not Applicable
CVE-2025-5318	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-15.el9_7	2.4% Low-Moderate Risk	Not Applicable
CVE-2025-5987	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-17.el9_7	1.4% Low-Moderate Risk	Not Applicable
CVE-2026-3731	NONE0	libssh-config 0.10.4-13.el9 No fix yet	0.6% Theoretical Threat	Not Applicable
CVE-2022-41409	NONE0	pcre2-syntax 10.40-6.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2025-22874	NONE0	stdlib v1.24.2 fixed in 1.24.4	0.3% Theoretical Threat	Not Applicable
CVE-2025-61726	NONE0	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Not Applicable
CVE-2025-61729	NONE0	stdlib v1.24.2 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Not Applicable
CVE-2026-25679	NONE0	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Not Applicable
CVE-2026-32280	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-32281	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-32283	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Not Applicable
CVE-2026-33811	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2025-58183	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61728	NONE0	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Not Applicable
CVE-2022-29458	NONE0	ncurses-base 6.2-10.20210508.el9 fixed in 6.2-10.20210508.el9_6.2	1.3% Low-Moderate Risk	Not Applicable
CVE-2022-29458	NONE0	ncurses-libs 6.2-10.20210508.el9 fixed in 6.2-10.20210508.el9_6.2	1.3% Low-Moderate Risk	Not Applicable
CVE-2025-47907	NONE0	stdlib v1.24.2 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Not Applicable
CVE-2025-4673	NONE0	stdlib v1.24.2 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Not Applicable
CVE-2025-5351	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.5% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-base 6.2-10.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2023-50495	NONE0	ncurses-libs 6.2-10.20210508.el9 No fix yet	1.0% Theoretical Threat	Not Applicable
CVE-2025-47906	NONE0	stdlib v1.24.2 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Not Applicable
CVE-2025-61727	NONE0	stdlib v1.24.2 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Not Applicable
CVE-2026-32282	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-0964	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Not Applicable
CVE-2026-32289	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-0967	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Not Applicable
CVE-2026-32288	NONE0	stdlib v1.24.2 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Not Applicable
CVE-2026-27142	NONE0	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-22873	NONE0	stdlib v1.24.2 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Not Applicable
CVE-2025-47912	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-58185	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-58187	NONE0	stdlib v1.24.2 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Not Applicable
CVE-2025-58188	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Not Applicable
CVE-2025-58189	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Not Applicable
CVE-2025-61723	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61724	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-61725	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Not Applicable
CVE-2025-61730	NONE0	stdlib v1.24.2 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2025-58186	NONE0	stdlib v1.24.2 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Not Applicable
CVE-2025-8114	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Not Applicable
CVE-2025-4877	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Not Applicable
CVE-2025-48924	NONE0	commons-lang:commons-lang 2.6 No fix yet	2.2% Low-Moderate Risk	Not Applicable
CVE-2025-4878	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Not Applicable
CVE-2026-0965	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.2% Theoretical Threat	Not Applicable
CVE-2025-8277	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Not Applicable
CVE-2026-0968	NONE0	libssh-config 0.10.4-13.el9 fixed in 0.10.4-18.el9	0.4% Theoretical Threat	Not Applicable
CVE-2026-27139	NONE0	stdlib v1.24.2 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Not Applicable
CVE-2026-8178	NONE0	com.amazon.redshift:redshift-jdbc42 2.1.0.30 fixed in 2.2.2	0.6% Theoretical Threat	Not Applicable
GHSA-72hv-8253-57qq	NONE0	com.fasterxml.jackson.core:jackson-core 2.19.0 fixed in 2.21.1, 2.18.6	—	Not Applicable
CVE-2026-45799	NONE0	com.squareup.wire:wire-runtime-jvm 5.2.1 No fix yet	—	Not Applicable
CVE-2026-50009	NONE0	io.netty:netty-codec-classes-quic 4.2.1.Final fixed in 4.2.15.Final	0.2% Theoretical Threat	Not Applicable
CVE-2026-42583	NONE0	io.netty:netty-codec-compression 4.2.1.Final fixed in 4.2.13.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-42577	NONE0	io.netty:netty-transport-native-epoll 4.2.1.Final fixed in 4.2.13.Final	0.4% Theoretical Threat	Not Applicable
CVE-2026-45205	NONE0	org.apache.commons:commons-configuration2 2.11.0 fixed in 2.15.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-45205	NONE0	org.apache.commons:commons-configuration2 2.8.0 fixed in 2.15.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-33558	NONE0	org.apache.kafka:kafka-clients 4.0.0 fixed in 3.9.2, 4.0.1	0.5% Theoretical Threat	Not Applicable
CVE-2025-59059	NONE0	org.apache.ranger:ranger-plugins-common 2.6.0 fixed in 2.8.0	1.2% Low-Moderate Risk	Not Applicable
CVE-2024-52980	NONE0	org.elasticsearch:elasticsearch 7.17.28 fixed in 8.15.1	0.4% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.24.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.24.2 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.24.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable