Vulnerability Reportvespaengine/vespa:8.703.17

vespaengine/vespa:8.703.17

DIGESTsha256:1e13f096561edbf354a86b849ad052c9fab6d4573dc31fca40fd876cc8c3f41f

Executive Summary

Threat ScoreSAFE• Image from popular community publisher (vespaengine) with 14M+ pulls and pinned by digest (immutable).• Trust verdict is RELIABLE with high reputation score of 90.• All 4 exposed and 3 post-exploit vulnerabilities are low severity (max 5.5).• No high-severity vulnerabilities (none with CVSS >= 6.0) impact the image.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (14M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. It has 4 exposed and 3 post-exploit vulnerabilities, but all are low severity (max CVSS 5.5) and no high-severity issues. The image comes from a reputable community publisher with a high trust score.

Vulnerabilities

Vulnerability Log

18 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-34459	MEDIUM5.5	libxml2 2.9.7-21.el8_10.4 fixed in 2.9.7-21.el8_10.5	2.3% Low-Moderate Risk	Directly Exposed
CVE-2026-45186	MEDIUM5.1	expat 2.5.0-1.el8_10 fixed in 2.5.0-2.el8_10	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-35568	MEDIUM4.84	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-35177	LOW3.62	vim-minimal 2:8.0.1763-22.el8_10.3 fixed in 2:8.0.1763-23.el8_10	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	1.4% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	openssl-libs 1:1.1.1k-15.el8_6 fixed in 1:1.1.1k-16.el8_6	2.9% Low-Moderate Risk	Post-Exploit
CVE-2026-33811	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Not Applicable
CVE-2026-33814	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39820	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-39836	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-39826	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-34237	NONE0	io.modelcontextprotocol.sdk:mcp-core 0.18.2 fixed in 1.0.1, 1.1.1, 0.18.3	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable