{
  "schemaVersion": 1,
  "generatedAt": "2026-06-05T18:37:24.947Z",
  "evaluationDate": "2026-06-05",
  "policy": {
    "blockingSeverities": [
      "CRITICAL",
      "HIGH"
    ],
    "waiverRequirements": [
      "CVE or vulnerability ID",
      "explicit target",
      "owner",
      "approver",
      "Jira or tracking issue",
      "decision",
      "rationale",
      "expiry",
      "compensating controls",
      "remediation plan",
      "approval evidence",
      "customer-safe public rationale",
      "customer-safe public compensating controls"
    ],
    "scope": {
      "defaultMode": "blocking",
      "manifestFile": "scan-manifest.json",
      "reportOnlyMode": "Findings from report-only scan reports are retained as evidence but do not fail the release gate."
    }
  },
  "status": "pass",
  "totals": {
    "reports": 17,
    "findings": 1343,
    "blockingFindings": 0,
    "violations": 0,
    "waived": 0,
    "reportOnlyFindings": 1343,
    "invalidWaivers": 0,
    "expiredWaivers": 0
  },
  "violations": [],
  "waived": [],
  "reportOnly": [
    {
      "id": "CVE-2026-3061",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.116-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-3062",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.116-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Tint"
    },
    {
      "id": "CVE-2026-3913",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-4439",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in WebGL"
    },
    {
      "id": "CVE-2026-4440",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in WebGL"
    },
    {
      "id": "CVE-2026-4441",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-6296",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7898",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7910",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-8509",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-8510",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-8511",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-8512",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-8513",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-8514",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-8515",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in HID"
    },
    {
      "id": "CVE-2026-8516",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in DataTransfer"
    },
    {
      "id": "CVE-2026-8517",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Object lifecycle issue in WebShare"
    },
    {
      "id": "CVE-2026-8518",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-8519",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-8520",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Race in Payments"
    },
    {
      "id": "CVE-2026-8521",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Tab Groups"
    },
    {
      "id": "CVE-2026-8522",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Downloads"
    },
    {
      "id": "CVE-2026-9872",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9873",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9874",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-9875",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9876",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9878",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9879",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9880",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebGL"
    },
    {
      "id": "CVE-2026-9881",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9883",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9884",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Browser"
    },
    {
      "id": "CVE-2026-9885",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-9886",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9888",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-9889",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Dawn"
    },
    {
      "id": "CVE-2026-9890",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9891",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-9892",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9893",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10000",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10001",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PerformanceManager"
    },
    {
      "id": "CVE-2026-10002",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-10003",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10005",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10006",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebAudio"
    },
    {
      "id": "CVE-2026-10007",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed ..."
    },
    {
      "id": "CVE-2026-10008",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-10009",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-10010",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Input"
    },
    {
      "id": "CVE-2026-10011",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-10012",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10013",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-10014",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-10015",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WTF"
    },
    {
      "id": "CVE-2026-10016",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-10019",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-3536",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-3537",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "Object lifecycle issue in PowerVR in Google Chrome on Android prior to ..."
    },
    {
      "id": "CVE-2026-3538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-3539",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Object lifecycle issue in DevTools"
    },
    {
      "id": "CVE-2026-3540",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebAudio"
    },
    {
      "id": "CVE-2026-3541",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in CSS"
    },
    {
      "id": "CVE-2026-3542",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebAssembly"
    },
    {
      "id": "CVE-2026-3543",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-3544",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-3545",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in Navigation"
    },
    {
      "id": "CVE-2026-3909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.80-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-3910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.80-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-3914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WebML"
    },
    {
      "id": "CVE-2026-3915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-3916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Web Speech"
    },
    {
      "id": "CVE-2026-3917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in Agents"
    },
    {
      "id": "CVE-2026-3918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMCP"
    },
    {
      "id": "CVE-2026-3919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-3920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in WebML"
    },
    {
      "id": "CVE-2026-3921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in TextEncoding"
    },
    {
      "id": "CVE-2026-3922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in MediaStream"
    },
    {
      "id": "CVE-2026-3923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-3924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WindowDialog"
    },
    {
      "id": "CVE-2026-3932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "Insufficient policy enforcement in PDF in Google Chrome on Android pri ..."
    },
    {
      "id": "CVE-2026-4442",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in CSS"
    },
    {
      "id": "CVE-2026-4443",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-4444",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Stack buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-4446",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-4447",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-4448",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-4449",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-4450",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-4451",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Navigation"
    },
    {
      "id": "CVE-2026-4452",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-4453",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Dawn"
    },
    {
      "id": "CVE-2026-4454",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-4455",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-4456",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Digital Credentials API"
    },
    {
      "id": "CVE-2026-4457",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-4458",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-4459",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in WebAudio"
    },
    {
      "id": "CVE-2026-4460",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Skia"
    },
    {
      "id": "CVE-2026-4461",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-4462",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Blink"
    },
    {
      "id": "CVE-2026-4463",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-4673",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-4674",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in CSS"
    },
    {
      "id": "CVE-2026-4675",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebGL"
    },
    {
      "id": "CVE-2026-4676",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-4677",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebAudio"
    },
    {
      "id": "CVE-2026-4678",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGPU"
    },
    {
      "id": "CVE-2026-4679",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Fonts"
    },
    {
      "id": "CVE-2026-4680",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in FedCM"
    },
    {
      "id": "CVE-2026-5272",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-5273",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in CSS"
    },
    {
      "id": "CVE-2026-5274",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Codecs"
    },
    {
      "id": "CVE-2026-5275",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in WebUSB"
    },
    {
      "id": "CVE-2026-5277",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5278",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Web MIDI"
    },
    {
      "id": "CVE-2026-5279",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Object corruption in V8"
    },
    {
      "id": "CVE-2026-5280",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-5281",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5282",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebCodecs"
    },
    {
      "id": "CVE-2026-5283",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-5284",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5285",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-5286",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5287",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-5858",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Google Chrome: Arbitrary code execution via heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5859",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WebML"
    },
    {
      "id": "CVE-2026-5860",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-5861",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in V8"
    },
    {
      "id": "CVE-2026-5862",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-5863",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-5864",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-5865",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-5866",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-5867",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5868",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5869",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5870",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-5871",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-5872",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-5873",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in V8"
    },
    {
      "id": "CVE-2026-5874",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Google Chrome: Sandbox escape via use-after-free in PrivateAI"
    },
    {
      "id": "CVE-2026-5883",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-6297",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-6298",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Skia"
    },
    {
      "id": "CVE-2026-6299",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Prerender"
    },
    {
      "id": "CVE-2026-6300",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in CSS"
    },
    {
      "id": "CVE-2026-6301",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Turbofan"
    },
    {
      "id": "CVE-2026-6302",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Video"
    },
    {
      "id": "CVE-2026-6303",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-6304",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Graphite"
    },
    {
      "id": "CVE-2026-6305",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6306",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6307",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Turbofan"
    },
    {
      "id": "CVE-2026-6308",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-6309",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Viz"
    },
    {
      "id": "CVE-2026-6310",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-6311",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Accessibility"
    },
    {
      "id": "CVE-2026-6312",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in Passwords"
    },
    {
      "id": "CVE-2026-6313",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in CORS"
    },
    {
      "id": "CVE-2026-6314",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-6315",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Permissions"
    },
    {
      "id": "CVE-2026-6316",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Forms"
    },
    {
      "id": "CVE-2026-6317",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-6358",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-6359",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Video"
    },
    {
      "id": "CVE-2026-6360",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-6361",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6362",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-6919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.116-1~deb13u1",
      "title": "Google Chrome: Chromium: chromium-browser: Use after free in DevTools"
    },
    {
      "id": "CVE-2026-6920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.116-1~deb13u1",
      "title": "Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-7333",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7334",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-7335",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in media"
    },
    {
      "id": "CVE-2026-7336",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7337",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-7338",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-7341",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7342",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-7343",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-7344",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-7345",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Feedback"
    },
    {
      "id": "CVE-2026-7346",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-7347",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7348",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-7349",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-7350",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-7351",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Race in MHTML"
    },
    {
      "id": "CVE-2026-7352",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-7353",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Skia"
    },
    {
      "id": "CVE-2026-7354",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Angle"
    },
    {
      "id": "CVE-2026-7356",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Navigation"
    },
    {
      "id": "CVE-2026-7357",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7358",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Animation"
    },
    {
      "id": "CVE-2026-7359",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-7360",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Compositing"
    },
    {
      "id": "CVE-2026-7361",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-7363",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Canvas"
    },
    {
      "id": "CVE-2026-7896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Blink"
    },
    {
      "id": "CVE-2026-7897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Mobile"
    },
    {
      "id": "CVE-2026-7899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in V8"
    },
    {
      "id": "CVE-2026-7900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-7902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in V8"
    },
    {
      "id": "CVE-2026-7903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Fonts"
    },
    {
      "id": "CVE-2026-7905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-7906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in SVG"
    },
    {
      "id": "CVE-2026-7907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-7908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Fullscreen"
    },
    {
      "id": "CVE-2026-7909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ServiceWorker"
    },
    {
      "id": "CVE-2026-7911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-7912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in GPU"
    },
    {
      "id": "CVE-2026-7913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in DevTools"
    },
    {
      "id": "CVE-2026-7914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Accessibility"
    },
    {
      "id": "CVE-2026-7915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in DevTools"
    },
    {
      "id": "CVE-2026-7916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in InterestGroups"
    },
    {
      "id": "CVE-2026-7917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Fullscreen"
    },
    {
      "id": "CVE-2026-7918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-7920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-7921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-7922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in ServiceWorker"
    },
    {
      "id": "CVE-2026-7923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-7924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-7925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in PresentationAPI"
    },
    {
      "id": "CVE-2026-7927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Runtime"
    },
    {
      "id": "CVE-2026-7928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in MediaRecording"
    },
    {
      "id": "CVE-2026-8523",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Mojo"
    },
    {
      "id": "CVE-2026-8524",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in WebAudio"
    },
    {
      "id": "CVE-2026-8525",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-8526",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in WebRTC"
    },
    {
      "id": "CVE-2026-8527",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in Downloads"
    },
    {
      "id": "CVE-2026-8528",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in SiteIsolation"
    },
    {
      "id": "CVE-2026-8529",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in Codecs"
    },
    {
      "id": "CVE-2026-8530",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-8531",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-8532",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-8533",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-8534",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in GPU"
    },
    {
      "id": "CVE-2026-8535",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-8536",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in ReadingMode"
    },
    {
      "id": "CVE-2026-8537",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in ViewTransitions"
    },
    {
      "id": "CVE-2026-8538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-8539",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Script injection in SanitizerAPI"
    },
    {
      "id": "CVE-2026-8540",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-8541",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in UI"
    },
    {
      "id": "CVE-2026-8542",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-8543",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in FileSystem"
    },
    {
      "id": "CVE-2026-8544",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-8545",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Object corruption in Compositing"
    },
    {
      "id": "CVE-2026-8546",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-8547",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Passwords"
    },
    {
      "id": "CVE-2026-8548",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in Media"
    },
    {
      "id": "CVE-2026-8549",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-8550",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Google Lens"
    },
    {
      "id": "CVE-2026-8551",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Downloads"
    },
    {
      "id": "CVE-2026-8552",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-8553",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-8554",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Type Confusion in ANGLE"
    },
    {
      "id": "CVE-2026-8555",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in GTK"
    },
    {
      "id": "CVE-2026-8556",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-8557",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-8558",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in Fonts"
    },
    {
      "id": "CVE-2026-8559",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in Internationalization"
    },
    {
      "id": "CVE-2026-9111",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9112",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9113",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9114",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in QUIC"
    },
    {
      "id": "CVE-2026-9115",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in Service Worker"
    },
    {
      "id": "CVE-2026-9116",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in ServiceWorker"
    },
    {
      "id": "CVE-2026-9117",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Type Confusion in GFX"
    },
    {
      "id": "CVE-2026-9118",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9119",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-9120",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9877",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-9894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-9898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-9899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Site Isolation"
    },
    {
      "id": "CVE-2026-9904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-9908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in ANGLE"
    },
    {
      "id": "CVE-2026-9911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in GPU"
    },
    {
      "id": "CVE-2026-9913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-9914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-9919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-9921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-9924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebGL"
    },
    {
      "id": "CVE-2026-9930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Dawn"
    },
    {
      "id": "CVE-2026-9931",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-9935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-9937",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9938",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-9939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-9940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-9946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XML"
    },
    {
      "id": "CVE-2026-9948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in iOS"
    },
    {
      "id": "CVE-2026-9951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAudio"
    },
    {
      "id": "CVE-2026-9953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in TabStrip"
    },
    {
      "id": "CVE-2026-9955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-9957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-9958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-9959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebRTC"
    },
    {
      "id": "CVE-2026-9960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in PDFium"
    },
    {
      "id": "CVE-2026-9961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-9962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Uninitialized Use in iOS"
    },
    {
      "id": "CVE-2026-9964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9966",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-9967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-9969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9971",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9972",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Gamepad"
    },
    {
      "id": "CVE-2026-9973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9974",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-9976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in USB"
    },
    {
      "id": "CVE-2026-9977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-9978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-9979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Input"
    },
    {
      "id": "CVE-2026-9980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-9981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Skia"
    },
    {
      "id": "CVE-2026-9984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-9986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in OptimizationGuide"
    },
    {
      "id": "CVE-2026-9987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9990",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9991",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9992",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9993",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9994",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-9996",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebRTC"
    },
    {
      "id": "CVE-2026-9997",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9998",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9999",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-3061",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.116-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-3062",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.116-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Tint"
    },
    {
      "id": "CVE-2026-3913",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-4439",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in WebGL"
    },
    {
      "id": "CVE-2026-4440",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in WebGL"
    },
    {
      "id": "CVE-2026-4441",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-6296",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7898",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7910",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-8509",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-8510",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-8511",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-8512",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-8513",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-8514",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-8515",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in HID"
    },
    {
      "id": "CVE-2026-8516",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in DataTransfer"
    },
    {
      "id": "CVE-2026-8517",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Object lifecycle issue in WebShare"
    },
    {
      "id": "CVE-2026-8518",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-8519",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-8520",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Race in Payments"
    },
    {
      "id": "CVE-2026-8521",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Tab Groups"
    },
    {
      "id": "CVE-2026-8522",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Downloads"
    },
    {
      "id": "CVE-2026-9872",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9873",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9874",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-9875",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9876",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9878",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9879",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9880",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebGL"
    },
    {
      "id": "CVE-2026-9881",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9883",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9884",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Browser"
    },
    {
      "id": "CVE-2026-9885",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-9886",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9888",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-9889",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Dawn"
    },
    {
      "id": "CVE-2026-9890",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9891",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-9892",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9893",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10000",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10001",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PerformanceManager"
    },
    {
      "id": "CVE-2026-10002",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-10003",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10005",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10006",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebAudio"
    },
    {
      "id": "CVE-2026-10007",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed ..."
    },
    {
      "id": "CVE-2026-10008",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-10009",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-10010",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Input"
    },
    {
      "id": "CVE-2026-10011",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-10012",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10013",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-10014",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-10015",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WTF"
    },
    {
      "id": "CVE-2026-10016",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-10019",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-3536",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-3537",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "Object lifecycle issue in PowerVR in Google Chrome on Android prior to ..."
    },
    {
      "id": "CVE-2026-3538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-3539",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Object lifecycle issue in DevTools"
    },
    {
      "id": "CVE-2026-3540",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebAudio"
    },
    {
      "id": "CVE-2026-3541",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in CSS"
    },
    {
      "id": "CVE-2026-3542",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebAssembly"
    },
    {
      "id": "CVE-2026-3543",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-3544",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-3545",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "145.0.7632.159-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in Navigation"
    },
    {
      "id": "CVE-2026-3909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.80-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-3910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.80-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-3914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WebML"
    },
    {
      "id": "CVE-2026-3915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-3916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Web Speech"
    },
    {
      "id": "CVE-2026-3917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in Agents"
    },
    {
      "id": "CVE-2026-3918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMCP"
    },
    {
      "id": "CVE-2026-3919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-3920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in WebML"
    },
    {
      "id": "CVE-2026-3921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in TextEncoding"
    },
    {
      "id": "CVE-2026-3922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in MediaStream"
    },
    {
      "id": "CVE-2026-3923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-3924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "chromium-browser: Use after free in WindowDialog"
    },
    {
      "id": "CVE-2026-3932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.71-1~deb13u1",
      "title": "Insufficient policy enforcement in PDF in Google Chrome on Android pri ..."
    },
    {
      "id": "CVE-2026-4442",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in CSS"
    },
    {
      "id": "CVE-2026-4443",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-4444",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Stack buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-4446",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-4447",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-4448",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-4449",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-4450",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-4451",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Navigation"
    },
    {
      "id": "CVE-2026-4452",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-4453",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Dawn"
    },
    {
      "id": "CVE-2026-4454",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-4455",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-4456",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Digital Credentials API"
    },
    {
      "id": "CVE-2026-4457",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-4458",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-4459",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in WebAudio"
    },
    {
      "id": "CVE-2026-4460",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Skia"
    },
    {
      "id": "CVE-2026-4461",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-4462",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Blink"
    },
    {
      "id": "CVE-2026-4463",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.153-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-4673",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-4674",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in CSS"
    },
    {
      "id": "CVE-2026-4675",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebGL"
    },
    {
      "id": "CVE-2026-4676",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-4677",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebAudio"
    },
    {
      "id": "CVE-2026-4678",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGPU"
    },
    {
      "id": "CVE-2026-4679",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Fonts"
    },
    {
      "id": "CVE-2026-4680",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.164-1~deb13u1",
      "title": "chromium-browser: Use after free in FedCM"
    },
    {
      "id": "CVE-2026-5272",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-5273",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in CSS"
    },
    {
      "id": "CVE-2026-5274",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Codecs"
    },
    {
      "id": "CVE-2026-5275",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in WebUSB"
    },
    {
      "id": "CVE-2026-5277",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5278",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Web MIDI"
    },
    {
      "id": "CVE-2026-5279",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Object corruption in V8"
    },
    {
      "id": "CVE-2026-5280",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-5281",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5282",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebCodecs"
    },
    {
      "id": "CVE-2026-5283",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-5284",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5285",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-5286",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-5287",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "146.0.7680.177-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-5858",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Google Chrome: Arbitrary code execution via heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5859",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WebML"
    },
    {
      "id": "CVE-2026-5860",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-5861",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in V8"
    },
    {
      "id": "CVE-2026-5862",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-5863",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-5864",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebAudio"
    },
    {
      "id": "CVE-2026-5865",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-5866",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-5867",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5868",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-5869",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-5870",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-5871",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-5872",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Blink"
    },
    {
      "id": "CVE-2026-5873",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in V8"
    },
    {
      "id": "CVE-2026-5874",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Google Chrome: Sandbox escape via use-after-free in PrivateAI"
    },
    {
      "id": "CVE-2026-5883",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.55-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-6297",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-6298",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Skia"
    },
    {
      "id": "CVE-2026-6299",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Prerender"
    },
    {
      "id": "CVE-2026-6300",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in CSS"
    },
    {
      "id": "CVE-2026-6301",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Turbofan"
    },
    {
      "id": "CVE-2026-6302",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Video"
    },
    {
      "id": "CVE-2026-6303",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-6304",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Graphite"
    },
    {
      "id": "CVE-2026-6305",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6306",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6307",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Turbofan"
    },
    {
      "id": "CVE-2026-6308",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-6309",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Viz"
    },
    {
      "id": "CVE-2026-6310",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-6311",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Accessibility"
    },
    {
      "id": "CVE-2026-6312",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in Passwords"
    },
    {
      "id": "CVE-2026-6313",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in CORS"
    },
    {
      "id": "CVE-2026-6314",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-6315",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Permissions"
    },
    {
      "id": "CVE-2026-6316",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Forms"
    },
    {
      "id": "CVE-2026-6317",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-6358",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-6359",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Video"
    },
    {
      "id": "CVE-2026-6360",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-6361",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in PDFium"
    },
    {
      "id": "CVE-2026-6362",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.101-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-6919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.116-1~deb13u1",
      "title": "Google Chrome: Chromium: chromium-browser: Use after free in DevTools"
    },
    {
      "id": "CVE-2026-6920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.116-1~deb13u1",
      "title": "Google Chrome: Chromium: chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-7333",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7334",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-7335",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in media"
    },
    {
      "id": "CVE-2026-7336",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7337",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-7338",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-7341",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7342",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-7343",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-7344",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-7345",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Feedback"
    },
    {
      "id": "CVE-2026-7346",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-7347",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7348",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Codecs"
    },
    {
      "id": "CVE-2026-7349",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-7350",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-7351",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Race in MHTML"
    },
    {
      "id": "CVE-2026-7352",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-7353",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Skia"
    },
    {
      "id": "CVE-2026-7354",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Angle"
    },
    {
      "id": "CVE-2026-7356",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Navigation"
    },
    {
      "id": "CVE-2026-7357",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7358",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Animation"
    },
    {
      "id": "CVE-2026-7359",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-7360",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Compositing"
    },
    {
      "id": "CVE-2026-7361",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-7363",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "147.0.7727.137-1~deb13u1",
      "title": "chromium-browser: Use after free in Canvas"
    },
    {
      "id": "CVE-2026-7896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Blink"
    },
    {
      "id": "CVE-2026-7897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Mobile"
    },
    {
      "id": "CVE-2026-7899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in V8"
    },
    {
      "id": "CVE-2026-7900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-7902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in V8"
    },
    {
      "id": "CVE-2026-7903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-7904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Fonts"
    },
    {
      "id": "CVE-2026-7905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-7906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in SVG"
    },
    {
      "id": "CVE-2026-7907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-7908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Fullscreen"
    },
    {
      "id": "CVE-2026-7909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ServiceWorker"
    },
    {
      "id": "CVE-2026-7911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-7912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Integer overflow in GPU"
    },
    {
      "id": "CVE-2026-7913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in DevTools"
    },
    {
      "id": "CVE-2026-7914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Accessibility"
    },
    {
      "id": "CVE-2026-7915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in DevTools"
    },
    {
      "id": "CVE-2026-7916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Insufficient data validation in InterestGroups"
    },
    {
      "id": "CVE-2026-7917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Fullscreen"
    },
    {
      "id": "CVE-2026-7918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-7919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-7920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-7921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-7922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in ServiceWorker"
    },
    {
      "id": "CVE-2026-7923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-7924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-7925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-7926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in PresentationAPI"
    },
    {
      "id": "CVE-2026-7927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Runtime"
    },
    {
      "id": "CVE-2026-7928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-7929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.96-1~deb13u1",
      "title": "chromium-browser: Use after free in MediaRecording"
    },
    {
      "id": "CVE-2026-8523",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Mojo"
    },
    {
      "id": "CVE-2026-8524",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in WebAudio"
    },
    {
      "id": "CVE-2026-8525",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-8526",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in WebRTC"
    },
    {
      "id": "CVE-2026-8527",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in Downloads"
    },
    {
      "id": "CVE-2026-8528",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in SiteIsolation"
    },
    {
      "id": "CVE-2026-8529",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in Codecs"
    },
    {
      "id": "CVE-2026-8530",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-8531",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in WebML"
    },
    {
      "id": "CVE-2026-8532",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-8533",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-8534",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in GPU"
    },
    {
      "id": "CVE-2026-8535",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in Media"
    },
    {
      "id": "CVE-2026-8536",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in ReadingMode"
    },
    {
      "id": "CVE-2026-8537",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in ViewTransitions"
    },
    {
      "id": "CVE-2026-8538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-8539",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Script injection in SanitizerAPI"
    },
    {
      "id": "CVE-2026-8540",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-8541",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in UI"
    },
    {
      "id": "CVE-2026-8542",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-8543",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in FileSystem"
    },
    {
      "id": "CVE-2026-8544",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-8545",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Object corruption in Compositing"
    },
    {
      "id": "CVE-2026-8546",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-8547",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Passwords"
    },
    {
      "id": "CVE-2026-8548",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in Media"
    },
    {
      "id": "CVE-2026-8549",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-8550",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Google Lens"
    },
    {
      "id": "CVE-2026-8551",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Downloads"
    },
    {
      "id": "CVE-2026-8552",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Heap buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-8553",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-8554",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Type Confusion in ANGLE"
    },
    {
      "id": "CVE-2026-8555",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in GTK"
    },
    {
      "id": "CVE-2026-8556",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-8557",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-8558",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Out of bounds write in Fonts"
    },
    {
      "id": "CVE-2026-8559",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.167-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Integer overflow in Internationalization"
    },
    {
      "id": "CVE-2026-9111",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9112",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9113",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9114",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in QUIC"
    },
    {
      "id": "CVE-2026-9115",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in Service Worker"
    },
    {
      "id": "CVE-2026-9116",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Insufficient policy enforcement in ServiceWorker"
    },
    {
      "id": "CVE-2026-9117",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Type Confusion in GFX"
    },
    {
      "id": "CVE-2026-9118",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9119",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebRTC"
    },
    {
      "id": "CVE-2026-9120",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.178-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9877",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-9894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-9898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-9899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Site Isolation"
    },
    {
      "id": "CVE-2026-9904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-9908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in ANGLE"
    },
    {
      "id": "CVE-2026-9911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in GPU"
    },
    {
      "id": "CVE-2026-9913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-9914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-9919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-9921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-9924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebGL"
    },
    {
      "id": "CVE-2026-9930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Dawn"
    },
    {
      "id": "CVE-2026-9931",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-9935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-9937",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9938",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-9939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-9940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-9946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XML"
    },
    {
      "id": "CVE-2026-9948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in iOS"
    },
    {
      "id": "CVE-2026-9951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAudio"
    },
    {
      "id": "CVE-2026-9953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in TabStrip"
    },
    {
      "id": "CVE-2026-9955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-9957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-9958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-9959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebRTC"
    },
    {
      "id": "CVE-2026-9960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in PDFium"
    },
    {
      "id": "CVE-2026-9961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-9962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Uninitialized Use in iOS"
    },
    {
      "id": "CVE-2026-9964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9966",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-9967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-9969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9971",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9972",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Gamepad"
    },
    {
      "id": "CVE-2026-9973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9974",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-9976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in USB"
    },
    {
      "id": "CVE-2026-9977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-9978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-9979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Input"
    },
    {
      "id": "CVE-2026-9980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-9981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Skia"
    },
    {
      "id": "CVE-2026-9984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-9986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in OptimizationGuide"
    },
    {
      "id": "CVE-2026-9987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9990",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9991",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9992",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9993",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9994",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-9996",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebRTC"
    },
    {
      "id": "CVE-2026-9997",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9998",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9999",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "145.0.7632.109-1~deb13u3",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "curl",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "curl",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "dirmngr",
      "installedVersion": "2.4.7-21+deb13u1+b1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gnupg",
      "installedVersion": "2.4.7-21+deb13u1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gnupg-l10n",
      "installedVersion": "2.4.7-21+deb13u1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpg",
      "installedVersion": "2.4.7-21+deb13u1+b1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpg-agent",
      "installedVersion": "2.4.7-21+deb13u1+b1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpgconf",
      "installedVersion": "2.4.7-21+deb13u1+b1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpgsm",
      "installedVersion": "2.4.7-21+deb13u1+b1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-4878",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcap2",
      "installedVersion": "1:2.75-10+b3",
      "fixedVersion": "1:2.75-10+deb13u1",
      "title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
    },
    {
      "id": "CVE-2026-4878",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcap2-bin",
      "installedVersion": "1:2.75-10+b3",
      "fixedVersion": "1:2.75-10+deb13u1",
      "title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
    },
    {
      "id": "CVE-2026-34980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcups2t64",
      "installedVersion": "2.4.10-3+deb13u2",
      "fixedVersion": "",
      "title": "cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl3t64-gnutls",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl3t64-gnutls",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl4t64",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl4t64",
      "installedVersion": "8.18.0-1~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2025-59375",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "id": "CVE-2026-25210",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation"
    },
    {
      "id": "CVE-2026-45186",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "libexpat: denial of service via crafted XML input"
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgbm1",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2026-5201",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgdk-pixbuf-2.0-0",
      "installedVersion": "2.42.12+dfsg-4",
      "fixedVersion": "2.42.12+dfsg-4+deb13u1",
      "title": "gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image"
    },
    {
      "id": "CVE-2026-5201",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgdk-pixbuf2.0-common",
      "installedVersion": "2.42.12+dfsg-4",
      "fixedVersion": "2.42.12+dfsg-4+deb13u1",
      "title": "gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image"
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgl1-mesa-dri",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libglx-mesa0",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2026-33845",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgnutls30t64",
      "installedVersion": "3.8.9-3+deb13u2",
      "fixedVersion": "3.8.9-3+deb13u4",
      "title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
    },
    {
      "id": "CVE-2026-42010",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgnutls30t64",
      "installedVersion": "3.8.9-3+deb13u2",
      "fixedVersion": "3.8.9-3+deb13u4",
      "title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
    },
    {
      "id": "CVE-2026-33846",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgnutls30t64",
      "installedVersion": "3.8.9-3+deb13u2",
      "fixedVersion": "3.8.9-3+deb13u4",
      "title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
    },
    {
      "id": "CVE-2026-3833",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgnutls30t64",
      "installedVersion": "3.8.9-3+deb13u2",
      "fixedVersion": "3.8.9-3+deb13u4",
      "title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison"
    },
    {
      "id": "CVE-2026-42009",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgnutls30t64",
      "installedVersion": "3.8.9-3+deb13u2",
      "fixedVersion": "3.8.9-3+deb13u4",
      "title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
    },
    {
      "id": "CVE-2026-2921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgstreamer-plugins-base1.0-0",
      "installedVersion": "1.26.2-1",
      "fixedVersion": "1.26.2-1+deb13u1",
      "title": "GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling"
    },
    {
      "id": "CVE-2026-41254",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "liblcms2-2",
      "installedVersion": "2.16-2",
      "fixedVersion": "2.16-2+deb13u2",
      "title": "Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize"
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libncursesw6",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2026-27135",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libnghttp2-14",
      "installedVersion": "1.64.0-1.1",
      "fixedVersion": "1.64.0-1.1+deb13u1",
      "title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
    },
    {
      "id": "CVE-2026-2781",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libnss3",
      "installedVersion": "2:3.110-1",
      "fixedVersion": "2:3.110-1+deb13u1",
      "title": "firefox: thunderbird: Integer overflow in the Libraries component in NSS"
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-10118",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpoppler147",
      "installedVersion": "25.03.0-5+deb13u2",
      "fixedVersion": "",
      "title": "poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2025-13836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u1",
      "title": "cpython: Excessive read buffering DoS in http.client"
    },
    {
      "id": "CVE-2026-3644",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "id": "CVE-2026-4224",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "id": "CVE-2026-6100",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2025-13836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u1",
      "title": "cpython: Excessive read buffering DoS in http.client"
    },
    {
      "id": "CVE-2026-3644",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "id": "CVE-2026-4224",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "id": "CVE-2026-6100",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2025-13836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u1",
      "title": "cpython: Excessive read buffering DoS in http.client"
    },
    {
      "id": "CVE-2026-3644",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "id": "CVE-2026-4224",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "id": "CVE-2026-6100",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "id": "CVE-2026-37555",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libsndfile1",
      "installedVersion": "1.2.2-2+b1",
      "fixedVersion": "",
      "title": "libsndfile: integer overflow in ima_reader_init()"
    },
    {
      "id": "CVE-2026-7598",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssh2-1t64",
      "installedVersion": "1.11.1-1",
      "fixedVersion": "",
      "title": "libssh2: integer overflow via large username or password arguments"
    },
    {
      "id": "CVE-2026-31789",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3t64",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing"
    },
    {
      "id": "CVE-2026-28387",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3t64",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication"
    },
    {
      "id": "CVE-2026-28388",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3t64",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing"
    },
    {
      "id": "CVE-2026-28389",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3t64",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing"
    },
    {
      "id": "CVE-2026-28390",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3t64",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
    },
    {
      "id": "CVE-2026-4775",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libtiff6",
      "installedVersion": "4.7.0-3+deb13u1",
      "fixedVersion": "4.7.0-3+deb13u2",
      "title": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing"
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libtinfo6",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2006-10003",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libxml-parser-perl",
      "installedVersion": "2.47-1+b3",
      "fixedVersion": "2.47-2~deb13u1",
      "title": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files"
    },
    {
      "id": "CVE-2026-6732",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libxml2",
      "installedVersion": "2.12.7+dfsg+really2.9.14-2.1+deb13u2",
      "fixedVersion": "",
      "title": "libxml2: libxml2: Denial of Service via crafted XSD-validated document"
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "mesa-libgallium",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ncurses-base",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ncurses-bin",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2026-31789",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing"
    },
    {
      "id": "CVE-2026-28387",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication"
    },
    {
      "id": "CVE-2026-28388",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing"
    },
    {
      "id": "CVE-2026-28389",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing"
    },
    {
      "id": "CVE-2026-28390",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
    },
    {
      "id": "CVE-2026-31789",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl-provider-legacy",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing"
    },
    {
      "id": "CVE-2026-28387",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl-provider-legacy",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication"
    },
    {
      "id": "CVE-2026-28388",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl-provider-legacy",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing"
    },
    {
      "id": "CVE-2026-28389",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl-provider-legacy",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing"
    },
    {
      "id": "CVE-2026-28390",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "openssl-provider-legacy",
      "installedVersion": "3.5.4-1~deb13u2",
      "fixedVersion": "3.5.5-1~deb13u2",
      "title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-23949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3-jaraco.context",
      "installedVersion": "6.0.1-1",
      "fixedVersion": "6.0.1-1+deb13u1",
      "title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives"
    },
    {
      "id": "CVE-2026-23949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3-pkg-resources",
      "installedVersion": "78.1.1-0.1",
      "fixedVersion": "",
      "title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives"
    },
    {
      "id": "CVE-2026-23949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3-setuptools",
      "installedVersion": "78.1.1-0.1",
      "fixedVersion": "",
      "title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2025-13836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u1",
      "title": "cpython: Excessive read buffering DoS in http.client"
    },
    {
      "id": "CVE-2026-3644",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "id": "CVE-2026-4224",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "id": "CVE-2026-6100",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2025-13836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u1",
      "title": "cpython: Excessive read buffering DoS in http.client"
    },
    {
      "id": "CVE-2026-3644",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "id": "CVE-2026-4224",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "id": "CVE-2026-6100",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2",
      "fixedVersion": "3.13.5-2+deb13u2",
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "id": "CVE-2022-4055",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "registry.payment-gateway.app/gotenberg:8.27.0@sha256:d71ab8c13b6bd47c7bc81195082005dfb17eaa75e8b1fadd347a64ee66ed98d5 (debian 13.3)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "xdg-utils",
      "installedVersion": "1.2.1-2",
      "fixedVersion": "",
      "title": "xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments"
    },
    {
      "id": "CVE-2026-40890",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/gomarkdown/markdown",
      "installedVersion": "v0.0.0-20260217112301-37c66b85d6ab",
      "fixedVersion": "0.0.0-20260411013819-759bbc3e3207",
      "title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-27137",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.26.1",
      "title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33810",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-27137",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.26.1",
      "title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33810",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl-utils",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-6965",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "sqlite-libs",
      "installedVersion": "3.41.2-r3",
      "fixedVersion": "3.41.2-r4",
      "title": "sqlite: Integer Truncation in SQLite"
    },
    {
      "id": "CVE-2025-31115",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "xz-libs",
      "installedVersion": "5.4.3-r0",
      "fixedVersion": "5.4.3-r1",
      "title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder"
    },
    {
      "id": "CVE-2026-32597",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "PyJWT",
      "installedVersion": "2.10.1",
      "fixedVersion": "2.12.0",
      "title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)"
    },
    {
      "id": "CVE-2026-21226",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "azure-core",
      "installedVersion": "1.32.0",
      "fixedVersion": "1.38.0",
      "title": "Azure Core is vulnerable to deserialization of untrusted data"
    },
    {
      "id": "CVE-2026-26007",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cryptography",
      "installedVersion": "43.0.1",
      "fixedVersion": "46.0.5",
      "title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    },
    {
      "id": "CVE-2026-26007",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cryptography",
      "installedVersion": "44.0.0",
      "fixedVersion": "46.0.5",
      "title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    },
    {
      "id": "CVE-2026-27459",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyOpenSSL",
      "installedVersion": "24.2.1",
      "fixedVersion": "26.0.0",
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "id": "CVE-2026-27459",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyOpenSSL",
      "installedVersion": "25.0.0",
      "fixedVersion": "26.0.0",
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "id": "CVE-2026-23490",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyasn1",
      "installedVersion": "0.6.1",
      "fixedVersion": "0.6.2",
      "title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
    },
    {
      "id": "CVE-2026-30922",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyasn1",
      "installedVersion": "0.6.1",
      "fixedVersion": "0.6.3",
      "title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
    },
    {
      "id": "CVE-2022-40897",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "65.5.1",
      "title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
    },
    {
      "id": "CVE-2022-40897",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "65.5.1",
      "title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
    },
    {
      "id": "CVE-2024-6345",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "70.0.0",
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "id": "CVE-2024-6345",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "70.0.0",
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "70.3.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-66418",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.0",
      "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
    },
    {
      "id": "CVE-2025-66471",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.0",
      "title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
    },
    {
      "id": "CVE-2026-21441",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.3",
      "title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
    },
    {
      "id": "CVE-2026-44431",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.7.0",
      "title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
    },
    {
      "id": "CVE-2026-24049",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "wheel",
      "installedVersion": "0.44.0",
      "fixedVersion": "0.46.2",
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    },
    {
      "id": "CVE-2026-24049",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "wheel",
      "installedVersion": "0.45.1",
      "fixedVersion": "0.46.2",
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2024-34156",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.22.7, 1.23.1",
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v4",
      "installedVersion": "v4.5.1",
      "fixedVersion": "4.5.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2026-42151",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/prometheus/prometheus",
      "installedVersion": "v0.301.0",
      "fixedVersion": "0.311.3",
      "title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
    },
    {
      "id": "CVE-2026-42154",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/prometheus/prometheus",
      "installedVersion": "v0.301.0",
      "fixedVersion": "0.311.3",
      "title": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2026-33186",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "google.golang.org/grpc",
      "installedVersion": "v1.69.4",
      "fixedVersion": "1.79.3",
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-44973",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/go-git/go-billy/v5",
      "installedVersion": "v5.6.0",
      "fixedVersion": "5.9.0",
      "title": "Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v4",
      "installedVersion": "v4.5.1",
      "fixedVersion": "4.5.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.31.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-22868",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/oauth2",
      "installedVersion": "v0.24.0",
      "fixedVersion": "0.27.0",
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "id": "CVE-2026-33186",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "google.golang.org/grpc",
      "installedVersion": "v1.67.1",
      "fixedVersion": "1.79.3",
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.31.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2024-34156",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.22.7, 1.23.1",
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2024-6119",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcrypto3",
      "installedVersion": "3.1.4-r5",
      "fixedVersion": "3.1.7-r0",
      "title": "openssl: Possible denial of service in X.509 name checks"
    },
    {
      "id": "CVE-2024-6119",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3",
      "installedVersion": "3.1.4-r5",
      "fixedVersion": "3.1.7-r0",
      "title": "openssl: Possible denial of service in X.509 name checks"
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl-utils",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2023-45133",
      "severity": "CRITICAL",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "@babel/traverse",
      "installedVersion": "7.19.6",
      "fixedVersion": "7.23.2, 8.0.0-alpha.4",
      "title": "babel: arbitrary code execution"
    },
    {
      "id": "CVE-2024-47178",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "basic-auth-connect",
      "installedVersion": "1.0.0",
      "fixedVersion": "1.1.0",
      "title": "basic-auth-connect: timing-unsafe equality comparison can leak timing information"
    },
    {
      "id": "CVE-2024-45590",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "body-parser",
      "installedVersion": "1.20.1",
      "fixedVersion": "1.20.3",
      "title": "body-parser: Denial of Service Vulnerability in body-parser"
    },
    {
      "id": "CVE-2024-21538",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cross-spawn",
      "installedVersion": "7.0.3",
      "fixedVersion": "7.0.5, 6.0.6",
      "title": "cross-spawn: regular expression denial of service"
    },
    {
      "id": "CVE-2024-21538",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cross-spawn",
      "installedVersion": "7.0.3",
      "fixedVersion": "7.0.5, 6.0.6",
      "title": "cross-spawn: regular expression denial of service"
    },
    {
      "id": "CVE-2026-33036",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "fast-xml-parser",
      "installedVersion": "4.0.11",
      "fixedVersion": "5.5.6, 4.5.5",
      "title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass"
    },
    {
      "id": "CVE-2025-64756",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "glob",
      "installedVersion": "10.3.12",
      "fixedVersion": "11.1.0, 10.5.0",
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "id": "CVE-2024-29415",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ip",
      "installedVersion": "2.0.0",
      "fixedVersion": "",
      "title": "node-ip: Incomplete fix for CVE-2023-42282"
    },
    {
      "id": "CVE-2022-46175",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "json5",
      "installedVersion": "2.2.1",
      "fixedVersion": "2.2.2, 1.0.2",
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "id": "CVE-2026-4800",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "lodash",
      "installedVersion": "4.17.21",
      "fixedVersion": "4.18.0",
      "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
    },
    {
      "id": "CVE-2026-4800",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "lodash-es",
      "installedVersion": "4.17.21",
      "fixedVersion": "4.18.0",
      "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
    },
    {
      "id": "CVE-2026-26996",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
    },
    {
      "id": "CVE-2026-27903",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
    },
    {
      "id": "CVE-2026-27904",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4",
      "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
    },
    {
      "id": "CVE-2026-26996",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
    },
    {
      "id": "CVE-2026-27903",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
    },
    {
      "id": "CVE-2026-27904",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4",
      "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
    },
    {
      "id": "CVE-2024-45296",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0",
      "title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
    },
    {
      "id": "CVE-2024-52798",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "0.1.12",
      "title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
    },
    {
      "id": "CVE-2026-4867",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "0.1.13",
      "title": "path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters"
    },
    {
      "id": "CVE-2022-25883",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "semver",
      "installedVersion": "6.3.0",
      "fixedVersion": "7.5.2, 6.3.1, 5.7.2",
      "title": "nodejs-semver: Regular expression denial of service"
    },
    {
      "id": "CVE-2026-23745",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.3",
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
    },
    {
      "id": "CVE-2026-23950",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.4",
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
    },
    {
      "id": "CVE-2026-24842",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.7",
      "title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
    },
    {
      "id": "CVE-2026-26960",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.8",
      "title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
    },
    {
      "id": "CVE-2026-29786",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.10",
      "title": "node-tar: hardlink path traversal via drive-relative linkpath"
    },
    {
      "id": "CVE-2026-31802",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.11",
      "title": "tar: tar: File overwrite via drive-relative symlink traversal"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-22874",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.4",
      "title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.0",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39826",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "If a trusted template author were to write a <script> tag containing a ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    }
  ],
  "invalidWaivers": [],
  "expiredWaivers": []
}
