0 critical · 37 high · 67 medium · 21 low · 125 total (deduped by CVE)
Image datagrok/grok_connect:bleeding-edge · digest sha256:6649cc5eaf3ad5be84c6b86b082bf3f3a9f3be753102c6ac00304fc7d61142b4
| Vulnerability | Severity | Package | Installed | Fixed in | CVSS | Description |
|---|---|---|---|---|---|---|
| CVE-2021-35515 | HIGH | org.apache.commons:commons-compress | 1.20 | 1.21 | 7.5 | CVE-2021-35515 |
| CVE-2021-35516 | HIGH | org.apache.commons:commons-compress | 1.20 | 1.21 | 7.5 | CVE-2021-35516 |
| CVE-2021-35517 | HIGH | org.apache.commons:commons-compress | 1.20 | 1.21 | 7.5 | CVE-2021-35517 |
| CVE-2021-36090 | HIGH | org.apache.commons:commons-compress | 1.20 | 1.21 | 7.5 | CVE-2021-36090 |
| CVE-2021-39239 | HIGH | org.apache.jena:jena-core | 3.17.0 | 4.2.0 | 7.5 | CVE-2021-39239 |
| CVE-2023-1370 | HIGH | net.minidev:json-smart | 2.4.7 | 2.4.9 | 7.5 | CVE-2023-1370 |
| CVE-2024-21634 | HIGH | software.amazon.ion:ion-java | 1.0.2 | — | 7.5 | CVE-2024-21634 |
| CVE-2024-47554 | HIGH | commons-io:commons-io | 2.11.0 | 2.14.0 | 4.3 | CVE-2024-47554 |
| CVE-2024-7254 | HIGH | com.google.protobuf:protobuf-java | 3.21.12 | 3.25.5 | 7.5 | CVE-2024-7254 |
| CVE-2024-7254 | HIGH | com.google.protobuf:protobuf-java | 3.21.9 | 3.25.5 | 7.5 | CVE-2024-7254 |
| CVE-2025-24970 | HIGH | io.netty:netty-handler | 4.1.94.Final | 4.1.118.Final | 7.5 | CVE-2025-24970 |
| CVE-2025-48734 | HIGH | commons-beanutils:commons-beanutils | 1.9.4 | 1.11.0 | 8.8 | CVE-2025-48734 |
| CVE-2025-52999 | HIGH | com.fasterxml.jackson.core:jackson-core | 2.13.4 | 2.15.0 | CVE-2025-52999 | |
| CVE-2025-52999 | HIGH | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | CVE-2025-52999 | |
| CVE-2025-52999 | HIGH | com.fasterxml.jackson.core:jackson-core | 2.14.1 | 2.15.0 | CVE-2025-52999 | |
| CVE-2025-55163 | HIGH | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.124.Final | 7.5 | CVE-2025-55163 |
| CVE-2025-59419 | HIGH | io.netty:netty-codec-smtp | 4.1.101.Final | 4.1.128.Final | CVE-2025-59419 | |
| CVE-2026-2332 | HIGH | org.eclipse.jetty:jetty-http | 9.4.57.v20241219 | — | 9.1 | CVE-2026-2332 |
| CVE-2026-33870 | HIGH | io.netty:netty-codec-http | 4.1.101.Final | 4.1.132.Final | 7.5 | CVE-2026-33870 |
| CVE-2026-33871 | HIGH | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.132.Final | 7.5 | CVE-2026-33871 |
| CVE-2026-42579 | HIGH | io.netty:netty-codec-dns | 4.1.101.Final | 4.1.133.Final | 9.1 | CVE-2026-42579 |
| CVE-2026-42583 | HIGH | io.netty:netty-codec | 4.1.94.Final | 4.1.133.Final | 7.5 | CVE-2026-42583 |
| CVE-2026-42584 | HIGH | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 9.1 | CVE-2026-42584 |
| CVE-2026-42587 | HIGH | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 7.5 | CVE-2026-42587 |
| CVE-2026-42587 | HIGH | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.133.Final | 7.5 | CVE-2026-42587 |
| CVE-2026-44249 | HIGH | io.netty:netty-handler | 4.1.94.Final | 4.1.135.Final | 8.1 | CVE-2026-44249 |
| CVE-2026-44250 | HIGH | io.netty:netty-codec-redis | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-44250 |
| CVE-2026-44890 | HIGH | io.netty:netty-codec-redis | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-44890 |
| CVE-2026-44893 | HIGH | io.netty:netty-codec-haproxy | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-44893 |
| CVE-2026-45416 | HIGH | io.netty:netty-handler | 4.1.94.Final | 4.1.135.Final | 7.5 | CVE-2026-45416 |
| CVE-2026-45674 | HIGH | io.netty:netty-resolver-dns | 4.1.101.Final | 4.1.135.Final | 10 | CVE-2026-45674 |
| CVE-2026-46340 | HIGH | io.netty:netty-transport-sctp | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-46340 |
| CVE-2026-47691 | HIGH | io.netty:netty-resolver-dns | 4.1.101.Final | 4.1.135.Final | 10 | CVE-2026-47691 |
| CVE-2026-48006 | HIGH | io.netty:netty-codec-redis | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-48006 |
| CVE-2026-48059 | HIGH | io.netty:netty-codec-haproxy | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-48059 |
| CVE-2026-50010 | HIGH | io.netty:netty-handler | 4.1.94.Final | 4.1.135.Final | 7.5 | CVE-2026-50010 |
| CVE-2026-50011 | HIGH | io.netty:netty-codec-redis | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-50011 |
| CVE-2026-54512 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 2.18.8 | 8.1 | CVE-2026-54512 |
| CVE-2026-54512 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.14.0 | 2.18.8 | 8.1 | CVE-2026-54512 |
| CVE-2026-54512 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.14.1 | 2.18.8 | 8.1 | CVE-2026-54512 |
| CVE-2026-54512 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.16.0 | 2.18.8 | 8.1 | CVE-2026-54512 |
| CVE-2026-54513 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 2.18.8 | 8.1 | CVE-2026-54513 |
| CVE-2026-54513 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.14.0 | 2.18.8 | 8.1 | CVE-2026-54513 |
| CVE-2026-54513 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.14.1 | 2.18.8 | 8.1 | CVE-2026-54513 |
| CVE-2026-54513 | HIGH | com.fasterxml.jackson.core:jackson-databind | 2.16.0 | 2.18.8 | 8.1 | CVE-2026-54513 |
| GHSA-2r2c-cx56-8933 | HIGH | org.jline:jline-remote-telnet | 3.22.0 | 4.2.1 | GHSA-2r2c-cx56-8933 | |
| GHSA-47qp-hqvx-6r3f | HIGH | org.jline:jline-remote-telnet | 3.22.0 | 4.2.1 | GHSA-47qp-hqvx-6r3f | |
| CVE-2021-31879 | MEDIUM | wget | 1.21.2-2ubuntu1.1 | — | 6.1 | CVE-2021-31879 |
| CVE-2023-2976 | MEDIUM | com.google.guava:guava | 31.1-jre | 32.0.0-android | 7.1 | CVE-2023-2976 |
| CVE-2024-12798 | MEDIUM | ch.qos.logback:logback-core | 1.2.13 | 1.3.15 | CVE-2024-12798 | |
| CVE-2024-23944 | MEDIUM | org.apache.zookeeper:zookeeper | 3.7.2 | — | 5.3 | CVE-2024-23944 |
| CVE-2024-25710 | MEDIUM | org.apache.commons:commons-compress | 1.20 | 1.26.0 | 5.5 | CVE-2024-25710 |
| CVE-2024-29025 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.108.Final | 5.3 | CVE-2024-29025 |
| CVE-2024-29131 | MEDIUM | org.apache.commons:commons-configuration2 | 2.9.0 | 2.10.1 | 7.3 | CVE-2024-29131 |
| CVE-2024-29133 | MEDIUM | org.apache.commons:commons-configuration2 | 2.9.0 | 2.10.1 | 5.4 | CVE-2024-29133 |
| CVE-2024-47535 | MEDIUM | io.netty:netty-common | 4.1.86.Final | 4.1.115.Final | 5.5 | CVE-2024-47535 |
| CVE-2024-47535 | MEDIUM | io.netty:netty-common | 4.1.94.Final | 4.1.115.Final | 5.5 | CVE-2024-47535 |
| CVE-2024-6763 | MEDIUM | org.eclipse.jetty:jetty-http | 9.4.57.v20241219 | 12.0.12 | 5.3 | CVE-2024-6763 |
| CVE-2025-11226 | MEDIUM | ch.qos.logback:logback-core | 1.2.13 | 1.3.16 | CVE-2025-11226 | |
| CVE-2025-15649 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 5.5 | CVE-2025-15649 |
| CVE-2025-25193 | MEDIUM | io.netty:netty-common | 4.1.86.Final | 4.1.118.Final | 5.5 | CVE-2025-25193 |
| CVE-2025-25193 | MEDIUM | io.netty:netty-common | 4.1.94.Final | 4.1.118.Final | 5.5 | CVE-2025-25193 |
| CVE-2025-48924 | MEDIUM | commons-lang:commons-lang | 2.4 | — | 5.3 | CVE-2025-48924 |
| CVE-2025-48924 | MEDIUM | commons-lang:commons-lang | 2.6 | — | 5.3 | CVE-2025-48924 |
| CVE-2025-48924 | MEDIUM | org.apache.commons:commons-lang3 | 3.12.0 | 3.18.0 | 5.3 | CVE-2025-48924 |
| CVE-2025-53864 | MEDIUM | com.nimbusds:nimbus-jose-jwt | 9.37.2 | 9.37.4 | CVE-2025-53864 | |
| CVE-2025-58057 | MEDIUM | io.netty:netty-codec | 4.1.94.Final | 4.1.125.Final | 7.5 | CVE-2025-58057 |
| CVE-2025-67735 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.129.Final | 6.5 | CVE-2025-67735 |
| CVE-2025-68161 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.17.1 | 2.25.3 | 4.8 | CVE-2025-68161 |
| CVE-2025-68161 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.20.0 | 2.25.3 | 4.8 | CVE-2025-68161 |
| CVE-2026-11850 | MEDIUM | krb5 | 1.19.2-2ubuntu0.7 | — | 5 | CVE-2026-11850 |
| CVE-2026-12087 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 9.1 | CVE-2026-12087 |
| CVE-2026-13595 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | 5.3 | CVE-2026-13595 |
| CVE-2026-13757 | MEDIUM | p11-kit | 0.24.0-6build1 | — | 6.2 | CVE-2026-13757 |
| CVE-2026-27456 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | 4.7 | CVE-2026-27456 |
| CVE-2026-34477 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.17.1 | 2.25.4 | 5.9 | CVE-2026-34477 |
| CVE-2026-34477 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.20.0 | 2.25.4 | 5.9 | CVE-2026-34477 |
| CVE-2026-34480 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.17.1 | 2.25.4 | 7.5 | CVE-2026-34480 |
| CVE-2026-34480 | MEDIUM | org.apache.logging.log4j:log4j-core | 2.20.0 | 2.25.4 | 7.5 | CVE-2026-34480 |
| CVE-2026-40355 | MEDIUM | krb5 | 1.19.2-2ubuntu0.7 | — | 7.5 | CVE-2026-40355 |
| CVE-2026-40356 | MEDIUM | krb5 | 1.19.2-2ubuntu0.7 | — | 7.5 | CVE-2026-40356 |
| CVE-2026-4046 | MEDIUM | glibc | 2.35-0ubuntu3.13 | — | 7.5 | CVE-2026-4046 |
| CVE-2026-41417 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 5.3 | CVE-2026-41417 |
| CVE-2026-42497 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.5 | CVE-2026-42497 |
| CVE-2026-42580 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 6.5 | CVE-2026-42580 |
| CVE-2026-42581 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 9.8 | CVE-2026-42581 |
| CVE-2026-42585 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.133.Final | 7.5 | CVE-2026-42585 |
| CVE-2026-42586 | MEDIUM | io.netty:netty-codec-redis | 4.1.101.Final | 4.1.133.Final | 7.1 | CVE-2026-42586 |
| CVE-2026-44248 | MEDIUM | io.netty:netty-codec-mqtt | 4.1.101.Final | 4.1.133.Final | 7.5 | CVE-2026-44248 |
| CVE-2026-45205 | MEDIUM | org.apache.commons:commons-configuration2 | 2.9.0 | 2.15.0 | 5.3 | CVE-2026-45205 |
| CVE-2026-45536 | MEDIUM | io.netty:netty-transport-native-epoll | 4.1.101.Final | 4.1.135.Final | 4 | CVE-2026-45536 |
| CVE-2026-45536 | MEDIUM | io.netty:netty-transport-native-kqueue | 4.1.101.Final | 4.1.135.Final | 4 | CVE-2026-45536 |
| CVE-2026-45673 | MEDIUM | io.netty:netty-resolver-dns | 4.1.101.Final | 4.1.135.Final | 6.8 | CVE-2026-45673 |
| CVE-2026-47244 | MEDIUM | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.135.Final | 5.3 | CVE-2026-47244 |
| CVE-2026-48043 | MEDIUM | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.135.Final | 7.5 | CVE-2026-48043 |
| CVE-2026-48959 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.5 | CVE-2026-48959 |
| CVE-2026-48961 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.3 | CVE-2026-48961 |
| CVE-2026-48962 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.3 | CVE-2026-48962 |
| CVE-2026-50020 | MEDIUM | io.netty:netty-codec-http | 4.1.101.Final | 4.1.135.Final | 5.3 | CVE-2026-50020 |
| CVE-2026-50193 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 2.14.0 | 7.5 | CVE-2026-50193 |
| CVE-2026-50560 | MEDIUM | io.netty:netty-codec-http2 | 4.1.101.Final | 4.1.135.Final | 5.3 | CVE-2026-50560 |
| CVE-2026-53612 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | CVE-2026-53612 | |
| CVE-2026-53613 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | CVE-2026-53613 | |
| CVE-2026-53614 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | CVE-2026-53614 | |
| CVE-2026-53615 | MEDIUM | util-linux | 2.37.2-4ubuntu3.5 | — | CVE-2026-53615 | |
| CVE-2026-5435 | MEDIUM | glibc | 2.35-0ubuntu3.13 | — | 7.3 | CVE-2026-5435 |
| CVE-2026-54369 | MEDIUM | acl | 2.3.1-1 | — | 7.1 | CVE-2026-54369 |
| CVE-2026-54370 | MEDIUM | acl | 2.3.1-1 | — | 6.3 | CVE-2026-54370 |
| CVE-2026-54371 | MEDIUM | attr | 1:2.5.1-1build1 | — | 7.1 | CVE-2026-54371 |
| CVE-2026-54411 | MEDIUM | pam | 1.4.0-11ubuntu2.6 | — | CVE-2026-54411 | |
| CVE-2026-5450 | MEDIUM | glibc | 2.35-0ubuntu3.13 | — | 9.8 | CVE-2026-5450 |
| CVE-2026-54514 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | 2.18.8 | 5.3 | CVE-2026-54514 |
| CVE-2026-54514 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.14.0 | 2.18.8 | 5.3 | CVE-2026-54514 |
| CVE-2026-54514 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.14.1 | 2.18.8 | 5.3 | CVE-2026-54514 |
| CVE-2026-54514 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.16.0 | 2.18.8 | 5.3 | CVE-2026-54514 |
| CVE-2026-54515 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.13.4.2 | — | 5.3 | CVE-2026-54515 |
| CVE-2026-54515 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.14.0 | — | 5.3 | CVE-2026-54515 |
| CVE-2026-54515 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.14.1 | — | 5.3 | CVE-2026-54515 |
| CVE-2026-54515 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.16.0 | — | 5.3 | CVE-2026-54515 |
| CVE-2026-54515 | MEDIUM | com.fasterxml.jackson.core:jackson-databind | 2.18.8 | — | 5.3 | CVE-2026-54515 |
| CVE-2026-58469 | MEDIUM | wget | 1.21.2-2ubuntu1.1 | — | 7.5 | CVE-2026-58469 |
| CVE-2026-58470 | MEDIUM | wget | 1.21.2-2ubuntu1.1 | — | 5.3 | CVE-2026-58470 |
| CVE-2026-58471 | MEDIUM | wget | 1.21.2-2ubuntu1.1 | — | 7.1 | CVE-2026-58471 |
| CVE-2026-58472 | MEDIUM | wget | 1.21.2-2ubuntu1.1 | — | 7.1 | CVE-2026-58472 |
| CVE-2026-5928 | MEDIUM | glibc | 2.35-0ubuntu3.13 | — | 7.5 | CVE-2026-5928 |
| CVE-2026-6238 | MEDIUM | glibc | 2.35-0ubuntu3.13 | — | 6.5 | CVE-2026-6238 |
| CVE-2026-7017 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.1 | CVE-2026-7017 |
| CVE-2026-9538 | MEDIUM | perl | 5.34.0-3ubuntu1.7 | — | 7.5 | CVE-2026-9538 |
| GHSA-72hv-8253-57qq | MEDIUM | com.fasterxml.jackson.core:jackson-core | 2.13.4 | 2.18.6 | GHSA-72hv-8253-57qq | |
| GHSA-72hv-8253-57qq | MEDIUM | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | GHSA-72hv-8253-57qq | |
| GHSA-72hv-8253-57qq | MEDIUM | com.fasterxml.jackson.core:jackson-core | 2.14.1 | 2.18.6 | GHSA-72hv-8253-57qq | |
| GHSA-72hv-8253-57qq | MEDIUM | com.fasterxml.jackson.core:jackson-core | 2.16.0 | 2.18.6 | GHSA-72hv-8253-57qq | |
| CVE-2020-8908 | LOW | com.google.guava:guava | 31.1-jre | 32.0.0-android | 3.3 | CVE-2020-8908 |
| CVE-2022-27943 | LOW | gcc-12 | 12.3.0-1ubuntu1~22.04.3 | — | 5.5 | CVE-2022-27943 |
| CVE-2022-41409 | LOW | pcre2 | 10.39-3ubuntu0.1 | — | 7.5 | CVE-2022-41409 |
| CVE-2022-4899 | LOW | libzstd | 1.4.8+dfsg-3build1 | — | 7.5 | CVE-2022-4899 |
| CVE-2023-29383 | LOW | shadow | 1:4.8.1-2ubuntu2.2 | — | 3.3 | CVE-2023-29383 |
| CVE-2023-50495 | LOW | ncurses | 6.3-2ubuntu0.2 | — | 6.5 | CVE-2023-50495 |
| CVE-2024-10524 | LOW | wget | 1.21.2-2ubuntu1.1 | — | CVE-2024-10524 | |
| CVE-2024-12801 | LOW | ch.qos.logback:logback-core | 1.2.13 | 1.3.15 | CVE-2024-12801 | |
| CVE-2024-2236 | LOW | libgcrypt20 | 1.9.4-3ubuntu3.2 | — | 5.9 | CVE-2024-2236 |
| CVE-2024-56433 | LOW | shadow | 1:4.8.1-2ubuntu2.2 | — | CVE-2024-56433 | |
| CVE-2025-11143 | LOW | org.eclipse.jetty:jetty-http | 9.4.57.v20241219 | — | 6.5 | CVE-2025-11143 |
| CVE-2025-5278 | LOW | coreutils | 8.32-4.1ubuntu1.3 | — | 4.4 | CVE-2025-5278 |
| CVE-2025-58056 | LOW | io.netty:netty-codec-http | 4.1.101.Final | 4.1.125.Final | 7.5 | CVE-2025-58056 |
| CVE-2025-6141 | LOW | ncurses | 6.3-2ubuntu0.2 | — | 3.3 | CVE-2025-6141 |
| CVE-2026-10532 | LOW | ch.qos.logback:logback-core | 1.2.13 | 1.5.35 | CVE-2026-10532 | |
| CVE-2026-1225 | LOW | ch.qos.logback:logback-core | 1.2.13 | 1.5.25 | CVE-2026-1225 | |
| CVE-2026-42250 | LOW | bzip2 | 1.0.8-5build1 | — | CVE-2026-42250 | |
| CVE-2026-42578 | LOW | io.netty:netty-handler-proxy | 4.1.101.Final | 4.1.133.Final | 7.5 | CVE-2026-42578 |
| CVE-2026-57062 | LOW | gnupg2 | 2.2.27-3ubuntu2.5 | — | CVE-2026-57062 | |
| CVE-2026-9828 | LOW | ch.qos.logback:logback-core | 1.2.13 | 1.5.33 | CVE-2026-9828 | |
| CVE-2017-11164 | MINIMAL | pcre3 | 2:8.39-13ubuntu0.22.04.1 | — | 7.5 | CVE-2017-11164 |
Suppressed as not_affected by VEX statement (see the OpenVEX doc): CVE-2025-59250