Vulnerability Reportvespaengine/vespa:8.702.91

vespaengine/vespa:8.702.91

DIGESTsha256:48a32d8510fe621c596cfb7a09bbe14dd5aee6e2fc40dd16a444aec93f08a518

Executive Summary

Threat ScoreSAFE• Vulnerability severity low (max 5.5); no high-severity issues• No exposed or post-exploit findings beyond low severity• High community trust (90/100, 14M+ pulls) and pinned by digest

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (14M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. While it contains 4 exposed and 3 post-exploit vulnerabilities, all are low severity (max 5.5) and no exploitable CVEs are present. The image has a strong reputation with over 14 million pulls and is pinned by digest for immutability.

Vulnerabilities

Vulnerability Log

18 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.7-21.el8_10.4 fixed in 2.9.7-21.el8_10.5	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-45186	MEDIUM5.1	expat 2.5.0-1.el8_10 fixed in 2.5.0-2.el8_10	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-35568	MEDIUM4.84	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-35177	LOW3.62	vim-minimal 2:8.0.1763-22.el8_10.3 fixed in 2:8.0.1763-23.el8_10	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	2.9% Low-Moderate Risk	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-34237	NONE0	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.1, 1.1.1, 0.18.3	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable