Vulnerability Reportwazuh/wazuh-manager:4.14.4

wazuh/wazuh-manager:4.14.4
DIGESTsha256:5a065930682d728e3939a3a34b7c9bc28d55b22d3d93c2fe3cc19cf76d67e8e8

Executive Summary

Threat Score
100/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can remotely exploit HTTP/2 vulnerabilities (CVE-2023-44487, CVE-2023-45288) to cause denial of service, potentially disabling the Wazuh manager and blinding the security team. Additionally, other high-severity flaws could lead to memory corruption or privilege escalation if triggered. No compensating controls can fully mitigate these risks without updating the container.

Vulnerabilities

Vulnerability Log

266 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2023-44487CRITICAL9.75
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.17.0
100.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2023-45288CRITICAL9.75
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.23.0
92.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-27664HIGH7.5
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.0.0-20220906165146-f3363e06e74c
2.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-41723HIGH7.5
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.7.0
4.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-39325HIGH7.5
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.17.0
3.8%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-32149HIGH7.5
golang.org/x/text
v0.3.2
fixed in 0.3.8
1.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2021-3121MEDIUM6.88
github.com/gogo/protobuf
v1.3.1
fixed in 1.3.2
3.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2020-8559MEDIUM6.8
k8s.io/apimachinery
v0.18.3
fixed in 0.16.13, 0.17.9, 0.18.7
6.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-48864MEDIUM6.63
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-25621MEDIUM6.63
github.com/containerd/containerd
v1.3.3
fixed in 1.7.29
0.1%
Theoretical Threat
Directly Exposed
CVE-2021-41103MEDIUM6.63
github.com/containerd/containerd
v1.3.3
fixed in 1.4.11, 1.5.7
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-25173MEDIUM6.63
github.com/containerd/containerd
v1.3.3
fixed in 1.5.18, 1.6.18
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-40635MEDIUM6.63
github.com/containerd/containerd
v1.3.3
fixed in 1.7.27, 1.6.38
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-23471MEDIUM6.5
github.com/containerd/containerd
v1.3.3
fixed in 1.5.16, 1.6.12
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-33811MEDIUM6.38
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41989MEDIUM6.38
libgcrypt
1.10.2-1.amzn2023.0.2
fixed in 1.10.2-1.amzn2023.0.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
libnghttp2
1.59.0-3.amzn2023.0.1
fixed in 1.59.0-3.amzn2023.0.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-3644MEDIUM6.38
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4224MEDIUM6.38
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32597MEDIUM6.38
PyJWT
2.10.1
fixed in 2.12.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-30922MEDIUM6.38
pyasn1
0.4.8
fixed in 0.6.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-44432MEDIUM6.38
urllib3
2.6.3
fixed in 2.7.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-65637MEDIUM6.38
github.com/sirupsen/logrus
v1.4.2
fixed in 1.8.3, 1.9.1, 1.9.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-43565MEDIUM6.38
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.0.0-20211202192323-5770296d904e
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22868MEDIUM6.38
golang.org/x/oauth2
v0.0.0-20200107190931-bf48bf16ab8d
fixed in 0.27.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2021-21334MEDIUM6.3
github.com/containerd/containerd
v1.3.3
fixed in 1.4.4, 1.3.10
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-32760MEDIUM6.3
github.com/containerd/containerd
v1.3.3
fixed in 1.4.8, 1.5.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2026-48526MEDIUM6.29
PyJWT
2.10.1
fixed in 2.13.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186MEDIUM6.18
google.golang.org/grpc
v1.29.1
fixed in 1.79.3
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-1299MEDIUM6.03
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-4786MEDIUM6.03
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2021-33194MEDIUM6
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.0.0-20210520170846-37e1c6afe023
7.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-38561MEDIUM6
golang.org/x/text
v0.3.2
fixed in 0.3.7
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2020-14040MEDIUM6
golang.org/x/text
v0.3.2
fixed in 0.3.3
1.9%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2019-19794MEDIUM5.9
github.com/miekg/dns
v1.1.15
fixed in 1.1.25
2.1%
Low-Moderate Risk
Directly Exposed
CVE-2021-31525MEDIUM5.9
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.0.0-20210428140749-89ef3d95e781
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-24786MEDIUM5.9
google.golang.org/protobuf
v1.23.0
fixed in 1.33.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-9149MEDIUM5.52
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9150MEDIUM5.52
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-26007MEDIUM5.52
cryptography
44.0.1
fixed in 46.0.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-48710MEDIUM5.52
starlette
0.49.1
fixed in 1.0.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2023-2253MEDIUM5.52
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.2-beta.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.38.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6100MEDIUM5.5
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2022-41717MEDIUM5.3
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.4.0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-29526MEDIUM5.3
golang.org/x/sys
v0.0.0-20200625212154-ddb9806d33ae
fixed in 0.0.0-20220412211240-33da011f77ad
2.1%
Low-Moderate Risk
Directly Exposed
CVE-2020-15257MEDIUM5.2
github.com/containerd/containerd
v1.3.3
fixed in 1.3.9, 1.4.3
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-6019MEDIUM5.18
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.6
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-3978MEDIUM5.18
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.13.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-40355MEDIUM5.02
krb5-libs
1.21.3-6.amzn2023.0.1
fixed in 1.21.3-7.amzn2023.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40356MEDIUM5.02
krb5-libs
1.21.3-6.amzn2023.0.1
fixed in 1.21.3-7.amzn2023.0.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-48524MEDIUM5.02
PyJWT
2.10.1
fixed in 2.13.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40347MEDIUM5.02
python-multipart
0.0.22
fixed in 0.0.26
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25645MEDIUM4.67
requests
2.32.4
fixed in 2.33.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2022-31030MEDIUM4.67
github.com/containerd/containerd
v1.3.3
fixed in 1.5.13, 1.6.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-25153MEDIUM4.67
github.com/containerd/containerd
v1.3.3
fixed in 1.5.18, 1.6.18
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-64329MEDIUM4.67
github.com/containerd/containerd
v1.3.3
fixed in 1.7.29
0.1%
Theoretical Threat
Directly Exposed
CVE-2020-8565MEDIUM4.67
k8s.io/client-go
v0.18.3
fixed in 0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-48523MEDIUM4.59
PyJWT
2.10.1
fixed in 2.13.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc
2.34-231.amzn2023.0.3
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc-common
2.34-231.amzn2023.0.3
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
glibc-minimal-langpack
2.34-231.amzn2023.0.3
fixed in 2.34-231.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-48525MEDIUM4.5
PyJWT
2.10.1
fixed in 2.13.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27199MEDIUM4.5
Werkzeug
3.1.5
fixed in 3.1.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-34073MEDIUM4.5
cryptography
44.0.1
fixed in 46.0.6
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45409MEDIUM4.5
idna
3.7
fixed in 3.15
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-44431MEDIUM4.5
urllib3
2.6.3
fixed in 2.7.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-10543MEDIUM4.5
github.com/eclipse/paho.mqtt.golang
v1.2.1-0.20200121105743-0d940dd29fd2
fixed in 1.5.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-15282MEDIUM4.08
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0672MEDIUM4.08
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-11468LOW3.82
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-0865LOW3.82
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
golang.org/x/net
v0.0.0-20200202094626-16171245cfb2
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-48522LOW3.57
PyJWT
2.10.1
fixed in 2.13.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-3805LOW3.21
curl-minimal
8.17.0-1.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.3
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW3.21
libcurl-minimal
8.17.0-1.amzn2023.0.1
fixed in 8.17.0-1.amzn2023.0.3
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-6019LOW3.11
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.6
0.2%
Theoretical Threat
Post-Exploit
CVE-2022-23648LOW3.1
github.com/containerd/containerd
v1.3.3
fixed in 1.4.13, 1.5.10, 1.6.1
27.4%
High Exploitation Risk
Post-Exploit
CVE-2026-31790LOW3.01
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
1.0%
Theoretical Threat
Post-Exploit
CVE-2026-6357LOW2.96
python3-pip-wheel
21.3.1-2.amzn2023.0.16
fixed in 21.3.1-2.amzn2023.0.19
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-6357LOW2.96
pip
23.3.2
fixed in 26.1
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.31.0
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-4519LOW2.8
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2297LOW2.8
python3-libs
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-48795LOW2.76
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.17.0, 0.0.0-20231218163308-9d2ee975ef9f
93.3%
Actively Exploited
Post-Exploit
CVE-2026-48863LOW2.7
libsolv
0.7.22-1.amzn2023.0.2
fixed in 0.7.22-1.amzn2023.0.4
Post-Exploit
CVE-2020-29652LOW2.7
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.0.0-20201216223049-8b5274cf687f
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-27191LOW2.7
golang.org/x/crypto
v0.0.0-20200510223506-06a226fb4e37
fixed in 0.0.0-20220314234659-1baeb1ce4c0b
3.9%
Low-Moderate Risk
Post-Exploit
CVE-2025-8869LOW2.7
pip
23.3.2
fixed in 25.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-3219LOW2.55
pip
23.3.2
fixed in 26.1
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
openssl-fips-provider-latest
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
openssl-libs
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-6100LOW2.48
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-15282LOW2.45
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-0672LOW2.45
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.29
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28390LOW2.29
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.4
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-3644LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-4224LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-11468LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-0865LOW2.29
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-1299LOW2.17
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-4786LOW2.17
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.5
0.2%
Theoretical Threat
Post-Exploit
CVE-2021-22133LOW2.04
go.elastic.co/apm
v1.8.1-0.20200909061013-2aef45b9cf4b
fixed in 1.11.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-2673LOW1.99
openssl
1:3.2.2-1.amzn2023.0.5
fixed in 1:3.5.5-1.amzn2023.0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-1703LOW1.99
python3-pip-wheel
21.3.1-2.amzn2023.0.16
fixed in 21.3.1-2.amzn2023.0.17
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-1703LOW1.99
pip
23.3.2
fixed in 26.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-4519LOW1.68
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-2297LOW1.68
python3
3.9.25-1.amzn2023.0.3
fixed in 3.9.25-1.amzn2023.0.4
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-68121NONE0
stdlib
v1.14.12
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Not Applicable
CVE-2023-24538NONE0
stdlib
v1.14.12
fixed in 1.19.8, 1.20.3
2.3%
Low-Moderate Risk
Not Applicable
CVE-2023-24540NONE0
stdlib
v1.14.12
fixed in 1.19.9, 1.20.4
1.6%
Low-Moderate Risk
Not Applicable
CVE-2024-24790NONE0
stdlib
v1.14.12
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Not Applicable
CVE-2022-23806NONE0
stdlib
v1.14.12
fixed in 1.16.14, 1.17.7
3.0%
Low-Moderate Risk
Not Applicable
CVE-2022-30580NONE0
stdlib
v1.14.12
fixed in 1.17.11, 1.18.3
0.6%
Theoretical Threat
Not Applicable
CVE-2023-29403NONE0
stdlib
v1.14.12
fixed in 1.19.10, 1.20.5
0.4%
Theoretical Threat
Not Applicable
CVE-2021-27918NONE0
stdlib
v1.14.12
fixed in 1.15.9, 1.16.1
2.5%
Low-Moderate Risk
Not Applicable
CVE-2021-33196NONE0
stdlib
v1.14.12
fixed in 1.15.13, 1.16.5
3.5%
Low-Moderate Risk
Not Applicable
CVE-2021-33198NONE0
stdlib
v1.14.12
fixed in 1.15.13, 1.16.5
3.4%
Low-Moderate Risk
Not Applicable
CVE-2021-39293NONE0
stdlib
v1.14.12
fixed in 1.16.8, 1.17.1
6.9%
Low-Moderate Risk
Not Applicable
CVE-2021-41771NONE0
stdlib
v1.14.12
fixed in 1.16.10, 1.17.3
4.4%
Low-Moderate Risk
Not Applicable
CVE-2021-41772NONE0
stdlib
v1.14.12
fixed in 1.16.10, 1.17.3
3.1%
Low-Moderate Risk
Not Applicable
CVE-2021-44716NONE0
stdlib
v1.14.12
fixed in 1.16.12, 1.17.5
4.0%
Low-Moderate Risk
Not Applicable
CVE-2022-23772NONE0
stdlib
v1.14.12
fixed in 1.16.14, 1.17.7
2.8%
Low-Moderate Risk
Not Applicable
CVE-2022-24675NONE0
stdlib
v1.14.12
fixed in 1.17.9, 1.18.1
5.3%
Low-Moderate Risk
Not Applicable
CVE-2022-24921NONE0
stdlib
v1.14.12
fixed in 1.16.15, 1.17.8
3.2%
Low-Moderate Risk
Not Applicable
CVE-2022-27664NONE0
stdlib
v1.14.12
fixed in 1.18.6, 1.19.1
2.4%
Low-Moderate Risk
Not Applicable
CVE-2022-28131NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.9%
Low-Moderate Risk
Not Applicable
CVE-2022-28327NONE0
stdlib
v1.14.12
fixed in 1.17.9, 1.18.1
3.9%
Low-Moderate Risk
Not Applicable
CVE-2022-2879NONE0
stdlib
v1.14.12
fixed in 1.18.7, 1.19.2
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-2880NONE0
stdlib
v1.14.12
fixed in 1.18.7, 1.19.2
1.1%
Low-Moderate Risk
Not Applicable
CVE-2022-29804NONE0
stdlib
v1.14.12
fixed in 1.17.11, 1.18.3
1.9%
Low-Moderate Risk
Not Applicable
CVE-2022-30630NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-30631NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-30632NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-30633NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-30634NONE0
stdlib
v1.14.12
fixed in 1.17.11, 1.18.3
1.6%
Low-Moderate Risk
Not Applicable
CVE-2022-30635NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.4%
Low-Moderate Risk
Not Applicable
CVE-2022-32189NONE0
stdlib
v1.14.12
fixed in 1.17.13, 1.18.5
2.0%
Low-Moderate Risk
Not Applicable
CVE-2022-41715NONE0
stdlib
v1.14.12
fixed in 1.18.7, 1.19.2
1.3%
Low-Moderate Risk
Not Applicable
CVE-2022-41716NONE0
stdlib
v1.14.12
fixed in 1.18.8, 1.19.3
0.8%
Theoretical Threat
Not Applicable
CVE-2022-41720NONE0
stdlib
v1.14.12
fixed in 1.18.9, 1.19.4
1.2%
Low-Moderate Risk
Not Applicable
CVE-2022-41722NONE0
stdlib
v1.14.12
fixed in 1.19.6, 1.20.1
1.7%
Low-Moderate Risk
Not Applicable
CVE-2022-41723NONE0
stdlib
v1.14.12
fixed in 1.19.6, 1.20.1
4.6%
Low-Moderate Risk
Not Applicable
CVE-2022-41724NONE0
stdlib
v1.14.12
fixed in 1.19.6, 1.20.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2022-41725NONE0
stdlib
v1.14.12
fixed in 1.19.6, 1.20.1
1.2%
Low-Moderate Risk
Not Applicable
CVE-2023-24534NONE0
stdlib
v1.14.12
fixed in 1.19.8, 1.20.3
1.9%
Low-Moderate Risk
Not Applicable
CVE-2023-24536NONE0
stdlib
v1.14.12
fixed in 1.19.8, 1.20.3
1.5%
Low-Moderate Risk
Not Applicable
CVE-2023-24537NONE0
stdlib
v1.14.12
fixed in 1.19.8, 1.20.3
1.4%
Low-Moderate Risk
Not Applicable
CVE-2023-39325NONE0
stdlib
v1.14.12
fixed in 1.20.10, 1.21.3
3.8%
Low-Moderate Risk
Not Applicable
CVE-2023-45283NONE0
stdlib
v1.14.12
fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5
2.8%
Low-Moderate Risk
Not Applicable
CVE-2023-45287NONE0
stdlib
v1.14.12
fixed in 1.20.0
1.3%
Low-Moderate Risk
Not Applicable
CVE-2023-45288NONE0
stdlib
v1.14.12
fixed in 1.21.9, 1.22.2
92.0%
Actively Exploited
Not Applicable
CVE-2024-34156NONE0
stdlib
v1.14.12
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2025-61726NONE0
stdlib
v1.14.12
fixed in 1.24.12, 1.25.6
0.8%
Theoretical Threat
Not Applicable
CVE-2025-61729NONE0
stdlib
v1.14.12
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Not Applicable
CVE-2026-25679NONE0
stdlib
v1.14.12
fixed in 1.25.8, 1.26.1
0.5%
Theoretical Threat
Not Applicable
CVE-2026-32280NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-32281NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32283NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-33811NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.5%
Theoretical Threat
Not Applicable
CVE-2026-33814NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-39820NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-39836NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2025-58183NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61728NONE0
stdlib
v1.14.12
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Not Applicable
CVE-2021-33195NONE0
stdlib
v1.14.12
fixed in 1.15.13, 1.16.5
3.1%
Low-Moderate Risk
Not Applicable
CVE-2023-24539NONE0
stdlib
v1.14.12
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Not Applicable
CVE-2023-29400NONE0
stdlib
v1.14.12
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Not Applicable
CVE-2025-47907NONE0
stdlib
v1.14.12
fixed in 1.23.12, 1.24.6
0.3%
Theoretical Threat
Not Applicable
CVE-2025-4673NONE0
stdlib
v1.14.12
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Not Applicable
CVE-2021-3114NONE0
stdlib
v1.14.12
fixed in 1.14.14, 1.15.7
2.6%
Low-Moderate Risk
Not Applicable
CVE-2021-34558NONE0
stdlib
v1.14.12
fixed in 1.15.14, 1.16.6
7.0%
Low-Moderate Risk
Not Applicable
CVE-2022-1705NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Not Applicable
CVE-2022-32148NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Not Applicable
CVE-2023-29406NONE0
stdlib
v1.14.12
fixed in 1.19.11, 1.20.6
1.3%
Low-Moderate Risk
Not Applicable
CVE-2024-24785NONE0
stdlib
v1.14.12
fixed in 1.21.8, 1.22.1
0.8%
Theoretical Threat
Not Applicable
CVE-2025-47906NONE0
stdlib
v1.14.12
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Not Applicable
CVE-2025-61727NONE0
stdlib
v1.14.12
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32282NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2023-39318NONE0
stdlib
v1.14.12
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Not Applicable
CVE-2023-39319NONE0
stdlib
v1.14.12
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Not Applicable
CVE-2026-32289NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2021-31525NONE0
stdlib
v1.14.12
fixed in 1.15.12, 1.16.4
3.7%
Low-Moderate Risk
Not Applicable
CVE-2021-36221NONE0
stdlib
v1.14.12
fixed in 1.15.15, 1.16.7
3.1%
Low-Moderate Risk
Not Applicable
CVE-2024-24783NONE0
stdlib
v1.14.12
fixed in 1.21.8, 1.22.1
0.7%
Theoretical Threat
Not Applicable
CVE-2024-24791NONE0
stdlib
v1.14.12
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Not Applicable
CVE-2024-34155NONE0
stdlib
v1.14.12
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Not Applicable
CVE-2024-34158NONE0
stdlib
v1.14.12
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Not Applicable
CVE-2024-45336NONE0
stdlib
v1.14.12
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Not Applicable
CVE-2022-1962NONE0
stdlib
v1.14.12
fixed in 1.17.12, 1.18.4
0.9%
Theoretical Threat
Not Applicable
CVE-2024-24789NONE0
stdlib
v1.14.12
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Not Applicable
CVE-2026-32288NONE0
stdlib
v1.14.12
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2024-24784NONE0
stdlib
v1.14.12
fixed in 1.21.8, 1.22.1
1.0%
Low-Moderate Risk
Not Applicable
CVE-2025-22871NONE0
stdlib
v1.14.12
fixed in 1.23.8, 1.24.2
0.7%
Theoretical Threat
Not Applicable
CVE-2026-27142NONE0
stdlib
v1.14.12
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39826NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2021-33197NONE0
stdlib
v1.14.12
fixed in 1.15.13, 1.16.5
2.3%
Low-Moderate Risk
Not Applicable
CVE-2022-29526NONE0
stdlib
v1.14.12
fixed in 1.17.10, 1.18.2
2.1%
Low-Moderate Risk
Not Applicable
CVE-2022-41717NONE0
stdlib
v1.14.12
fixed in 1.18.9, 1.19.4
5.6%
Low-Moderate Risk
Not Applicable
CVE-2023-24532NONE0
stdlib
v1.14.12
fixed in 1.19.7, 1.20.2
0.8%
Theoretical Threat
Not Applicable
CVE-2023-29409NONE0
stdlib
v1.14.12
fixed in 1.19.12, 1.20.7, 1.21.0-rc.4
1.3%
Low-Moderate Risk
Not Applicable
CVE-2023-39326NONE0
stdlib
v1.14.12
fixed in 1.20.12, 1.21.5
1.2%
Low-Moderate Risk
Not Applicable
CVE-2023-45284NONE0
stdlib
v1.14.12
fixed in 1.20.11, 1.21.4
0.9%
Theoretical Threat
Not Applicable
CVE-2023-45289NONE0
stdlib
v1.14.12
fixed in 1.21.8, 1.22.1
1.1%
Low-Moderate Risk
Not Applicable
CVE-2023-45290NONE0
stdlib
v1.14.12
fixed in 1.21.8, 1.22.1
1.2%
Low-Moderate Risk
Not Applicable
CVE-2025-22866NONE0
stdlib
v1.14.12
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-22873NONE0
stdlib
v1.14.12
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Not Applicable
CVE-2025-47912NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58185NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-58187NONE0
stdlib
v1.14.12
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58188NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.3%
Theoretical Threat
Not Applicable
CVE-2025-58189NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61723NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61724NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-61725NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61730NONE0
stdlib
v1.14.12
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Not Applicable
CVE-2025-58186NONE0
stdlib
v1.14.12
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2021-44717NONE0
stdlib
v1.14.12
fixed in 1.16.12, 1.17.5
1.9%
Low-Moderate Risk
Not Applicable
CVE-2025-22870NONE0
stdlib
v1.14.12
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Not Applicable
CVE-2024-45341NONE0
stdlib
v1.14.12
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.4%
Theoretical Threat
Not Applicable
CVE-2022-30629NONE0
stdlib
v1.14.12
fixed in 1.17.11, 1.18.3
0.9%
Theoretical Threat
Not Applicable
CVE-2026-27139NONE0
stdlib
v1.14.12
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
libcap
2.73-1.amzn2023.0.6
fixed in 2.73-1.amzn2023.0.7
0.6%
Theoretical Threat
Not Applicable
GHSA-537c-gmf6-5ccfNONE0
cryptography
44.0.1
fixed in 48.0.1
Not Applicable
CVE-2026-42561NONE0
python-multipart
0.0.22
fixed in 0.0.27
0.3%
Theoretical Threat
Not Applicable
CVE-2026-53539NONE0
python-multipart
0.0.22
fixed in 0.0.30
Not Applicable
CVE-2026-53537NONE0
python-multipart
0.0.22
fixed in 0.0.30
Not Applicable
CVE-2026-53538NONE0
python-multipart
0.0.22
fixed in 0.0.30
Not Applicable
CVE-2026-53540NONE0
python-multipart
0.0.22
fixed in 0.0.31
Not Applicable
CVE-2026-48818NONE0
starlette
0.49.1
fixed in 1.1.0
Not Applicable
CVE-2026-54283NONE0
starlette
0.49.1
fixed in 1.3.1
Not Applicable
CVE-2026-48817NONE0
starlette
0.49.1
fixed in 1.1.0
Not Applicable
CVE-2026-54282NONE0
starlette
0.49.1
fixed in 1.3.0
Not Applicable
GHSA-7ww5-4wqc-m92cNONE0
github.com/containerd/containerd
v1.3.3
fixed in 1.6.26, 1.7.11
Not Applicable
GHSA-5j5w-g665-5m35NONE0
github.com/containerd/containerd
v1.3.3
fixed in 1.4.12, 1.5.8
Not Applicable
GHSA-c9cp-9c75-9v8cNONE0
github.com/containerd/containerd
v1.3.3
fixed in 1.5.11, 1.6.2
Not Applicable
GHSA-qq97-vm5h-rrhgNONE0
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.0
Not Applicable
GHSA-77vh-xpmg-72qhNONE0
github.com/opencontainers/image-spec
v1.0.2-0.20190823105129-775207bd45b6
fixed in 1.0.2
Not Applicable
GHSA-m425-mq94-257gNONE0
google.golang.org/grpc
v1.29.1
fixed in 1.56.3, 1.57.1, 1.58.3
Not Applicable
CVE-2026-39823NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.14.12
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.14.12
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.14.12
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.14.12
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.14.12
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable