Vulnerability Reporttwinproduction/gatus:v5.36.0

twinproduction/gatus:stabletwinproduction/gatus:v5.36.0

DIGESTsha256:c5f210d095fa78e6efaa20ffeb14803f2ba4f10615e16a6d12087697149617f0

Executive Summary

Threat ScoreSAFE• Threat score of 0 on 0-100 scale indicates negligible risk• Image is pinned by digest, offering immutability and traceability• High reputation community image with 59M+ pulls and reliable trust verdict• All 18 exposed surface vulnerabilities are low severity (max CVSS 0.0), with no impact on production workloads• Post-exploit findings are limited to low severity (max CVSS 2.69) and do not affect the attack surface

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (59M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. While the scan reports 18 exposed surface and 9 post-exploit-only findings, all are low severity with a maximum CVSS score of 0.0 and 2.69 respectively, posing no practical risk in typical deployments. The image benefits from high community reputation, immutable digest pinning, and a pre-calculated threat score of 0, confirming its suitability for production.

Vulnerabilities

Vulnerability Log

27 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39821	LOW2.51	golang.org/x/net v0.54.0 fixed in 0.55.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39829	LOW2.29	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39830	LOW2.29	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42508	LOW2.26	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46595	LOW2.17	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33813	LOW1.99	golang.org/x/image v0.40.0 fixed in 0.42.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-46598	LOW1.62	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42507	LOW1.62	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39827	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.51.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-42500	NONE0	golang.org/x/image v0.40.0 fixed in 0.41.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-46599	NONE0	golang.org/x/image v0.40.0 fixed in 0.41.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-46601	NONE0	golang.org/x/image v0.40.0 fixed in 0.43.0	—	Not Applicable
CVE-2026-46602	NONE0	golang.org/x/image v0.40.0 fixed in 0.43.0	—	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.54.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.54.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.54.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.54.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.54.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable