High – sbomify · v26.1.0

High

CVE	Image	Package	Installed	Fixed In	VEX Status
CVE-2025-6021	postgres	libxml2	2.15.1	—
CVE-2026-28389	postgres	openssl	3.6.1	1.0.2zp
CVE-2026-28390	postgres	openssl	3.6.1	1.0.2zp
CVE-2026-2673	postgres	openssl	3.6.1	3.5.6	affected
CVE-2026-4437	postgres	glibc	2.42	—	affected
CVE-2026-28388	postgres	openssl	3.6.1	1.0.2zp
CVE-2026-31790	postgres	openssl	3.6.1	3.0.20
CVE-2025-6021	redis	libxml2	2.15.1	—
CVE-2025-32990	redis	gnutls	3.8.12	—
CVE-2026-28389	redis	openssl	3.6.1	1.0.2zp
CVE-2026-28390	redis	openssl	3.6.1	1.0.2zp
CVE-2026-2673	redis	openssl	3.6.1	3.5.6	affected
CVE-2026-3805	redis	curl	8.18.0	8.19.0
CVE-2026-28388	redis	openssl	3.6.1	1.0.2zp
CVE-2026-31790	redis	openssl	3.6.1	3.0.20
CVE-2026-27135	redis	nghttp2	1.67.1	1.68.1
GHSA-v2wj-q39q-566r	sbomify-app	vite	7.3.1	7.3.2
GHSA-p9ff-h696-f583	sbomify-app	vite	7.3.1	7.3.2
CVE-2026-28389	sbomify-app	openssl	3.6.1	1.0.2zp
CVE-2026-28390	sbomify-app	openssl	3.6.1	1.0.2zp
CVE-2026-2673	sbomify-app	openssl	3.6.1	3.5.6	affected
CVE-2026-28388	sbomify-app	openssl	3.6.1	1.0.2zp
CVE-2026-31790	sbomify-app	openssl	3.6.1	3.0.20
GHSA-5c6j-r48x-rmvq	sbomify-app	serialize-javascript	6.0.2	7.0.3	affected
CVE-2017-12159	sbomify-keycloak	keycloak	26.5.6	—
CVE-2026-28389	sbomify-keycloak	openssl	3.6.1	1.0.2zp
CVE-2026-28390	sbomify-keycloak	openssl	3.6.1	1.0.2zp
CVE-2026-2673	sbomify-keycloak	openssl	3.6.1	3.5.6	affected
CVE-2026-4437	sbomify-keycloak	glibc	2.42	—	affected
CVE-2026-3805	sbomify-keycloak	curl	8.18.0	8.19.0
CVE-2026-28388	sbomify-keycloak	openssl	3.6.1	1.0.2zp
CVE-2026-31790	sbomify-keycloak	openssl	3.6.1	3.0.20
CVE-2026-27135	sbomify-keycloak	nghttp2	1.67.1	1.68.1
CVE-2026-28389	sbomify-caddy-dev	openssl	3.6.1	1.0.2zp
CVE-2026-28390	sbomify-caddy-dev	openssl	3.6.1	1.0.2zp
CVE-2026-2673	sbomify-caddy-dev	openssl	3.6.1	3.5.6	affected
CVE-2026-28388	sbomify-caddy-dev	openssl	3.6.1	1.0.2zp
CVE-2026-31790	sbomify-caddy-dev	openssl	3.6.1	3.0.20

Last updated on April 19, 2026 • David Laing

Critical Medium